
An MFS function call ioctl using IO_IOCTL_FIND_FIRST_FILE results in structure misalignment

Question asked by George Joseph on Oct 16, 2017
Latest reply on Oct 18, 2017 by Daniel Chen

I’m trying to use the ioctl call to an SD card to search for a filename and then delete it. When the function call returns it has an illegal RAM address in the structure. After digging for several days I have collected some information on the problem.

/* MFS part of the software */
MFS_SEARCH_DATA search_data;
MFS_SEARCH_PARAM search;
char filepath[46] = "";   // used for the input filename wildcard
char filename_buffer[46]; // returned filename

search.ATTRIBUTE = MFS_SEARCH_LFN;
search.WILDCARD = filepath;
search.SEARCH_DATA_PTR = &search_data;
search.LFN_BUF = filename_buffer;
search.LFN_BUF_LEN = sizeof(filename_buffer);
search.SEARCH_DATA_PTR->ATTRIBUTE = MFS_SEARCH_LFN;
search.SEARCH_DATA_PTR->LFN_BUF = filename_buffer;
search.SEARCH_DATA_PTR->LFN_BUF_LEN = sizeof(filename_buffer);

// Check to see if this file exists. If so then delete it before creating a new one
sprintf(filepath, "snapshot%d_*.bin", file_index.intervention_snapshot_file); // wildcard filename
error_code = ioctl(a_fd, IO_IOCTL_FIND_FIRST_FILE, &search);

if(error_code == MFS_NO_ERROR)
{
    sprintf(int_snapshot_file_name, "%s", search.SEARCH_DATA_PTR->LFN_BUF);
}
while(error_code == MFS_NO_ERROR)
{
    error_code = ioctl(a_fd, IO_IOCTL_DELETE_FILE, int_snapshot_file_name);
    error_code = ioctl(a_fd, IO_IOCTL_FIND_NEXT_FILE, search.SEARCH_DATA_PTR); // Check if there are more
    if(error_code == MFS_NO_ERROR)
    {
        sprintf(int_snapshot_file_name, "%s", search.SEARCH_DATA_PTR->LFN_BUF);
    }
}


A look at the addresses of the structure before and after the function call:


Just before the call to error_code = ioctl(a_fd, IO_IOCTL_FIND_FIRST_FILE, &search);

(I had to create variables to read the addresses because the Expressions window was giving a different value than when I did a mouse-over.) These values are from MFS_SEARCH_PARAM.

a = (uint32_t)&search.SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.WILDCARD;
b = (uint32_t)&search.SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.ATTR_ONE_MASK;
c = (uint32_t)&search.SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.ATTR_ZERO_MASK;
d = (uint32_t)&search.SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.DIR_CHAIN_LOC;
e = (uint32_t)&search.SEARCH_DATA_PTR->LFN_BUF; // = 0x20012fc6

After stepping into the file mfs_find.c and the function _mfs_error MFS_find_init(MFS_DRIVE_STRUCT_PTR drive_ptr, MFS_SEARCH_PARAM_PTR sp_ptr, MFS_SEARCH_DATA_PTR sd_ptr):

The sp_ptr pointer is pointing to the same address as "search" from above.

a = (uint32_t)&sp_ptr->SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.WILDCARD;
b = (uint32_t)&sp_ptr->SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.ATTR_ONE_MASK;
c = (uint32_t)&sp_ptr->SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.ATTR_ZERO_MASK;
d = (uint32_t)&sp_ptr->SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.DIR_CHAIN_LOC;
e = (uint32_t)&sp_ptr->SEARCH_DATA_PTR->LFN_BUF;

In sp_ptr->SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.DIR_CHAIN_LOC you can see that the address of this element of the structure MFS_SEARCH_PARAM is two bytes different than in search.SEARCH_DATA_PTR->INTERNAL_SEARCH_DATA.DIR_CHAIN_LOC (0x20012f9e vs 0x2001fa0).

When the line sd_ptr->LFN_BUF = sp_ptr->LFN_BUF; is reached (in MFS_find_init()) it copies the filename to 0x20012fa0 and when it returns to the calling function the variable “search” looks for the filename in 0x20012f9e resulting in a shift of the contents of LFN_BUF.

Any ideas why this is happening?
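The symptom described in the post, the same structure member sitting two bytes apart depending on which compilation unit looks at it, is the classic signature of two sides of an API being built with different structure packing or alignment settings. The post does not state the root cause, so that is an assumption here. The program below is an added example, not code from the post or from the MQX MFS sources: it uses a hypothetical record type (natural_record_t / packed_record_t, whose field names merely echo the post and do not reproduce the real MFS_SEARCH_DATA layout) to show how a 13-byte name plus a 1-byte attribute pushes the next 32-bit field from offset 14 to offset 16 under natural alignment, how a value written through one view and read through the other comes back corrupted, and how a compile-time _Static_assert on offsetof/sizeof turns such a mismatch into a build failure instead of a corrupted buffer at runtime.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HYPOTHETICAL record layout (not the real MQX MFS_SEARCH_DATA): a 13-byte
 * 8.3 name plus a 1-byte attribute occupies bytes 0..13, so the next 32-bit
 * field would start at byte 14; natural alignment rounds that up to 16. */
typedef struct {
    char     name[13];
    uint8_t  attribute;
    uint32_t dir_chain_loc;   /* offset 16 under natural alignment */
    uint32_t file_size;
    uint32_t lfn_buf_len;
} natural_record_t;

/* The same fields as a module built with byte packing would see them
 * (for instance a library compiled with different packing settings than the
 * application): dir_chain_loc lands at offset 14, two bytes earlier. */
#pragma pack(push, 1)
typedef struct {
    char     name[13];
    uint8_t  attribute;
    uint32_t dir_chain_loc;   /* offset 14 when packed */
    uint32_t file_size;
    uint32_t lfn_buf_len;
} packed_record_t;
#pragma pack(pop)

/* Compile-time ABI guard: pin the offsets and size the other side of the API
 * expects, so a change in compiler/packing settings breaks the build rather
 * than silently shifting fields at runtime. */
_Static_assert(offsetof(natural_record_t, dir_chain_loc) == 16,
               "natural layout: dir_chain_loc moved");
_Static_assert(sizeof(natural_record_t) == 28,
               "natural layout: structure size changed");

size_t natural_dir_chain_offset(void) { return offsetof(natural_record_t, dir_chain_loc); }
size_t packed_dir_chain_offset(void)  { return offsetof(packed_record_t, dir_chain_loc); }

/* Number of bytes every field after the padding point shifts between views. */
size_t layout_skew_bytes(void)
{
    return natural_dir_chain_offset() - packed_dir_chain_offset();
}

/* Store a 32-bit value at write_off in a zeroed record buffer and read it
 * back from read_off. With equal offsets the value survives; with the
 * "library" writing at the packed offset and the "application" reading at
 * the natural offset, the reader sees a shifted, corrupted value, the same
 * effect as the LFN_BUF shift the post describes. memcpy is used so the
 * demonstration stays free of alignment and aliasing undefined behaviour. */
uint32_t read_back(size_t write_off, size_t read_off, uint32_t stored)
{
    uint8_t buf[sizeof(natural_record_t)] = {0};
    uint32_t seen = 0;
    memcpy(buf + write_off, &stored, sizeof stored);
    memcpy(&seen, buf + read_off, sizeof seen);
    return seen;
}

int main(void)
{
    printf("dir_chain_loc offset: natural=%zu packed=%zu skew=%zu bytes\n",
           natural_dir_chain_offset(), packed_dir_chain_offset(), layout_skew_bytes());
    printf("written by packed side, read by natural side: 0x%08" PRIx32 "\n",
           read_back(packed_dir_chain_offset(), natural_dir_chain_offset(), 0x11223344u));
    printf("written and read with the same view:          0x%08" PRIx32 "\n",
           read_back(natural_dir_chain_offset(), natural_dir_chain_offset(), 0x11223344u));
    return 0;
}
```

When comparing an application against a prebuilt library, the practical check is to put the _Static_assert lines (with the offsets and size taken from the library's own headers and build flags) into the application, so that any divergence in packing or alignment options between the two builds is caught by the compiler rather than discovered through a corrupted filename buffer.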
