Buffer overflow in __po_hi_msg_append_data
A buffer overflow occurs when appending data for sending data through a sporadic interface mapped on a socket connection.
In the function __po_hi_msg_append_data [po_hi_messages.c], the buffer msg->content is written beyond the size limit __PO_HI_MESSAGES_MAX_SIZE.
We haven't been able to find the root cause of the problem. So far, we've seen that the msg parameter is pointing to the global variable __po_hi_c_sockets_send_msg, defined in po_hi_driver_sockets.c. It's not clear to us how this variable is protected from simultaneous access from several threads. It might also be that the size of the message is too large.
We've modified the file po_hi_messages.c to check and print a message in case of buffer overflown. The modified file and the trace generated is provided in attachment. We've come across this issue when working with the Exoter rover, so unfortunately we cannot provide a working sample that could be tested outside the robot. Please, let us know what other information we can provide.