Probably stack corruption in AttitudeManager.c adjustVNOrientationMatrix.c

[sergei1152]

It looks like there could be possible stack corruption in the adjustVNOrientationMatrix function within AttitudeManager.c. You can see we declare an array of 9 floats, and pass it onto the vectornav function
VN100_SPI_GetRefFrameRot .

void adjustVNOrientationMatrix(float* adjustment){

    adjustment[0] = deg2rad(adjustment[0]);
    adjustment[1] = deg2rad(adjustment[1]);
    adjustment[2] = deg2rad(adjustment[2]);

    float matrix[9];
    VN100_SPI_GetRefFrameRot(0, (float*)&matrix);
    ...otherstuff...
}

Inside this function however we see that its going to try to write 12 bytes onto the variable (look at for loop). This will cause a corruption of the stack. According to chris everytime the adjustVNOrientation matrix function is called, the picpilot crashes, so this would explain why.

VN100_SPI_Packet* VN100_SPI_GetRefFrameRot(unsigned char sensorID, float* refFrameRot){

  unsigned long i;

  /* Read register */
  VN100_SPI_ReadRegister(sensorID, VN100_REG_RFR, 12);

  /* Get reference frame rotation parameters */
  for(i=0;i<12;i++){
    refFrameRot[i] = VN_SPI_LastReceivedPacket.Data[i].Float;
  }

  /* Return pointer to SPI packet */
  return &VN_SPI_LastReceivedPacket;
}

[sergei1152]

This is actually due to the incorrect documentation found at the vectornav library, as it states you need to pass a 9x1 matrix

[CoatedMoose]

9 floats should be 18 bytes iirc, so writing 12 chars should still be 6 shy of a problem.

…

On Jan 14, 2017 3:49 PM, "Serge Babayan" ***@***.***> wrote: This is actually due to the incorrect documentation found at the vectornav library, as it states you need to pass a 9x1 matrix — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#77 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AArikTDuu17EpzHVez9h-6VsbicBYS5tks5rSV8dgaJpZM4LjxxV> .

[sergei1152]

Its writing 12 32-bit words and i believe floats are 4 bytes

[CoatedMoose]

Refframerrot (what is being written into) is of type float, so it is trying to copy 12 floats into 9 floats of space. (Stack corruption) Tangentially, matrix is already of type float*, so the & is redundant, and therefore so is the cast.