我将Tencentos移植到主芯片为stm32的程序中,使用4g模块接收服务器的数据(mqtt格式),但在做测试时发现一个导致程序复位的问题:解析消息时长度不对,不知道有没有人遇到过同样的问题,求解!
我的接收任务如下:
`static void mqtt_rec_task(void *arg) {
uint8_t read_data[256];
int read_len = 0;
k_err_t err;
while (1) {
err = tos_sem_pend(&sem_rec, TOS_TIME_FOREVER);
//收取MQTT消息
read_len = tos_mqtt_receive(rec_topic, rec_topic_len, read_data,
sizeof(read_data));
if (read_len >= 0) {
read_data[read_len] = 0;
if(read_len >= 3) {
iDebugPrint(DBG_LEV_VERBOSE,
"---------->topic: %s, payload: %02x%02x%02x, payload_len: %d\r\n",
rec_topic, read_data[0], read_data[1], read_data[2], read_len);
}
if (rec_data_pro_fun) {
rec_data_pro_fun(read_data, read_len);
}
mqtt_connected_state = 1;
}
if (err != K_ERR_NONE) {
}
}
}`
遇到问题后调试定位到tos_mqtt_receive函数中,为详细查找问题,在里面添加了打印函数,其它代码不动:
`int tos_mqtt_receive(char *topic, int topic_len, unsigned char *payload, int payload_len)
{
int topic_copy_len, qos;
unsigned char dup, retained;
unsigned short packet_id;
unsigned char *incoming_data;
int incoming_data_len, payload_copy_len;
MQTTString incoming_topic;
unsigned char buffer[BUFFER_LEN];
if (MQTTPacket_read(buffer, sizeof(buffer), transport_getdata) != PUBLISH) {
return -1;
}
if (MQTTDeserialize_publish(&dup, &qos, &retained, &packet_id,
&incoming_topic, &incoming_data, &incoming_data_len,
buffer, sizeof(buffer)) != 1) {
return -1;
}
if (payload) {
payload_copy_len = incoming_data_len < payload_len ? incoming_data_len : payload_len;
/**printf("len_2:%d\n",payload_copy_len);**/
memcpy(payload, incoming_data, payload_copy_len);
}
if (topic) {
topic_copy_len = incoming_topic.lenstring.len < topic_len ? incoming_topic.lenstring.len : topic_len;
/**printf("len_3:%d\n",topic_copy_len);**/
strncpy(topic, incoming_topic.lenstring.data, topic_copy_len);
if (topic_copy_len <= topic_len - 1) {
topic[topic_copy_len] = '\0';
}
}
return incoming_data_len;
}
`
接收一帧完整的消息LOG如下:
V:len_1:38
[09:45:25.732]收←◆V:len_2:3
V:len_3:31
V:---------->topic: vehicle/541235795641023/control, payload: 020301, payload_len: 3
分两次接收如下:
V:len_1:27
[09:45:13.811]收←◆V:len_1:11
V:len_2:3
V:len_3:31
V:---------->topic: vehicle/541235795641023/control, payload: 020301, payload_len: 3
出问题的LOG如下:
V:len_1:13
[09:45:51.701]收←◆V:len_1:25
[09:45:51.731]收←◆V:len_2:-1410437840
//以下是复位LOG
I:==============================
I: HELLO WORLD
I:==============================
I:--------SYSTEM RESET STATE CHECK--------
E:System Software reset
E:System Pin reset
I:----------------------------------------
I:host task create
在tos_mqtt_receive函数中payload_copy_len 的数据为负数,小于我定的payload_len,而在下一句数据拷贝时导-1410437840(补码0xABEE 6D30)太大而导致数组溢出。
求解:
为什么MQTTDeserialize_publish会导致这个问题