AnsweredAssumed Answered

Using floating point format specifiers can cause system crashes

Question asked by Bryan Hunt on Jun 14, 2013
Latest reply on Jul 10, 2013 by Lorenzo Fornari

I noticed this issue. I have submitted it to Freescale already but I thought it would be good to also provide this information for users of MQX that may be using floating point in their applications. This affects all platforms since it is in device independent PSP code.

 

Summary of Problem:

Floating point specifiers in print statements (%f, %e, %g) are

currently unsafe and can potentially cause system corruption

and sporadic crashes.

 

File: io_fp.c

Function: _io_cvt

Line: 482 - *--p1 = (char)((uint_32)tmpintpart + '0');

 

In this case p1 is decremented from the end of the buffer through

the beginning and further up the stack until it collides with

something that will cause system stability problems (like the

return pointer and saved registers) since NDIG is defined as 154

on line 78 of fpio_prv.h

 

A couple ways to prevent this crash:

#define NDIG (3 + MANT_BITS + EXP_BIAS)

i.e. 1078 bytes which will mean you'll have to likely bump your task stacks from whatever they are by an additional 900 bytes.

 

Or coerce your variable into floats prior to passing them into the print statements.

 

Outcomes