如何防止缓冲区溢出/阵列溢出？

Question

I was recently writing code for a custom serial communication protocol. What I did was, I used a part(8/16 bit) of the receiving data to denote how big the frame size is. Based on this data I expect that no of data to follow. I use Crc to accept or reject a frame. But I won't be able to include the frame length data in the Crc, since on the receiving end I should know how much data to expect, before processing a frame.

The issue that I faced is, occasionally this frame length data gets corrupted and it fools the receiver into receiving that many bytes, whereas the receiving array size is much lesser than that. This corrupts a lot of critical system variables that is present in the consecutive memory locations.

How do I prevent the buffer overflow from happening? My thoughts on this 1) Reject the framelength data if it goes beyond a certain value. 2) use a datatype that limits the max no. Like using a short which limits the scope of the array index to 256 memory locations, and create a buffer with 280 bytes. 3) allocate memory in a separate location, so that it doesn't affect the critical system variables.

One thing I used to prevent getting stuck in the receiving loop is by using a timeout. But I overlooked this aspect of the issue. It look me lot if time to confirm and reproduce the issue, since thus code is part of a larger system code, and I'm not an expert here.

Generally how to safely handle this type of issues?

Also: what are general considerations or standard practices to follow when using an array, to prevent it from overflowing?

Answer 1

There's a lot of things that can be used to minimize this issue, however there is no one size fit's all solution for this in general. You have to make decisions and understand what happens if something goes wrong and have your system be able to handle it.

You have to figure out what exactly fits best for your system. For example if you never expect a message to be greater than 256 then declaring the size of your buffer as 0xFF and the index of your buffer as a uint8_t you'll never be able to exceed it inserting one byte at a time as the index will never reach 256 and overflow back to 0. The downside of that is of course if this does happen, you overwrite some of the data received, but the crc check should reveal error in most cases.

Another thing you can do is compare the data length to the buffer max and not store the message if it exceeds your buffer. So you would outright reject any messages who's data length is too big and received, but not store data coming across. Obviously if the data length comes in corrupted often, you'll have a lot of issues with this.

To be honest, the best method is to rethink your custom serial communication protocol. It doesn't sound like it takes the errors you are encountering very well. You can have sync bytes at the beginning and end of your message to just make sure that you are actually receiving good data and CRC the entire message no problem and define max data packet sizes that will go across the wire and signal how many packets are to be received. If the communication protocol isn't very good then you have to rethink it from the bottom up.

Answer 2

first, check for framing errors, check for parity errors

second, check the magnitude of the data size. if too big or too small, reject the whole data block