From 2cb665cc5127784db958d6f516c5935f891e480c Mon Sep 17 00:00:00 2001 From: Matthew Kennedy Date: Thu, 8 Oct 2020 18:02:15 -0700 Subject: [PATCH] Check for sd buffer overrun (#1867) * use actual header size * and the buffer can be a little smaller --- .../console/binary_log/binary_logging.cpp | 23 ++++++++++++------- firmware/console/binary_log/binary_logging.h | 2 +- firmware/console/status_loop.cpp | 10 ++++---- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/firmware/console/binary_log/binary_logging.cpp b/firmware/console/binary_log/binary_logging.cpp index 43d599c309..f555029201 100644 --- a/firmware/console/binary_log/binary_logging.cpp +++ b/firmware/console/binary_log/binary_logging.cpp @@ -48,18 +48,18 @@ static const LogField fields[] = { {tsOutputChannels.tpsAccelFuel, GAUGE_NAME_FUEL_TPS_EXTRA, "ms", 3}, {tsOutputChannels.ignitionAdvance, GAUGE_NAME_TIMING_ADVANCE, "deg", 1}, {tsOutputChannels.sparkDwell, GAUGE_COIL_DWELL_TIME, "ms", 1}, -// {tsOutputChannels.coilDutyCycle, GAUGE_NAME_DWELL_DUTY, "%", 0}, + {tsOutputChannels.coilDutyCycle, GAUGE_NAME_DWELL_DUTY, "%", 0}, {tsOutputChannels.idlePosition, GAUGE_NAME_IAC, "%", 1}, {tsOutputChannels.etbTarget, "ETB Target", "%", 2}, {tsOutputChannels.etb1DutyCycle, "ETB Duty", "%", 1}, {tsOutputChannels.etb1Error, "ETB Error", "%", 3}, -// {tsOutputChannels.fuelTankLevel, "fuel level", "%", 0}, + {tsOutputChannels.fuelTankLevel, "fuel level", "%", 0}, {tsOutputChannels.fuelingLoad, GAUGE_NAME_FUEL_LOAD, "%", 1}, {tsOutputChannels.ignitionLoad, GAUGE_NAME_IGNITION_LOAD, "%", 1}, {tsOutputChannels.massAirFlow, GAUGE_NAME_AIR_FLOW, "kg/h", 1}, }; -void writeHeader(char* buffer) { +size_t writeHeader(char* buffer) { // File format: MLVLG\0 strncpy(buffer, "MLVLG", 6); @@ -77,11 +77,7 @@ void writeHeader(char* buffer) { buffer[12] = 0; buffer[13] = 0; - // Data begin index - always begin at 4096 = 0x800 bytes to allow space for header - buffer[14] = 0; - buffer[15] = 0; - buffer[16] = 0x08; - buffer[17] = 0x00; + // Index 14-17 are written at the end - header end offset // Record length - length of a single data record: sum size of all fields uint16_t recLength = 0; @@ -96,12 +92,23 @@ void writeHeader(char* buffer) { buffer[20] = 0; buffer[21] = efi::size(fields); + size_t headerSize = MLQ_HEADER_SIZE; + // Write the actual logger fields, offset 22 char* entryHeaders = buffer + MLQ_HEADER_SIZE; for (size_t i = 0; i < efi::size(fields); i++) { size_t sz = fields[i].writeHeader(entryHeaders); entryHeaders += sz; + headerSize += sz; } + + // Data begin index: begins immediately after the header + buffer[14] = 0; + buffer[15] = 0; + buffer[16] = (headerSize >> 8) & 0xFF; + buffer[17] = headerSize & 0xFF; + + return headerSize; } static uint8_t blockRollCounter = 0; diff --git a/firmware/console/binary_log/binary_logging.h b/firmware/console/binary_log/binary_logging.h index 0234698024..dd0d6200f3 100644 --- a/firmware/console/binary_log/binary_logging.h +++ b/firmware/console/binary_log/binary_logging.h @@ -1,4 +1,4 @@ #include -void writeHeader(char* buffer); +size_t writeHeader(char* buffer); size_t writeBlock(char* buffer); diff --git a/firmware/console/status_loop.cpp b/firmware/console/status_loop.cpp index 7353e6ffd0..3f8a147f84 100644 --- a/firmware/console/status_loop.cpp +++ b/firmware/console/status_loop.cpp @@ -119,7 +119,7 @@ static void setWarningEnabled(int value) { #if EFI_FILE_LOGGING // this one needs to be in main ram so that SD card SPI DMA works fine -static char sdLogBuffer[2300] MAIN_RAM; +static char sdLogBuffer[2200] MAIN_RAM; static uint64_t binaryLogCount = 0; #endif /* EFI_FILE_LOGGING */ @@ -147,16 +147,16 @@ void writeLogLine() { if (!main_loop_started) return; - size_t length = efi::size(sdLogBuffer); - + size_t length; if (binaryLogCount == 0) { - memset(sdLogBuffer, 0xAA, length); - writeHeader(sdLogBuffer); + length = writeHeader(sdLogBuffer); } else { updateTunerStudioState(&tsOutputChannels); length = writeBlock(sdLogBuffer); } + efiAssertVoid(OBD_PCM_Processor_Fault, length <= efi::size(sdLogBuffer), "SD log buffer overflow"); + appendToLog(sdLogBuffer, length); binaryLogCount++;