Skip to content

Fix memory overflow in getFiles() causing device crashes #7924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: develop
Choose a base branch
from
Open

Fix memory overflow in getFiles() causing device crashes #7924

wants to merge 6 commits into from
+166 −28

Conversation

@capricornusx
Copy link
Contributor

@capricornusx capricornusx commented Sep 8, 2025

  • Replace recursive vector allocation with reference passing in getFiles()
  • Add heap memory check before file manifest generation in PhoneAPI
  • Limit file count to 50 to prevent memory exhaustion
  • Add safety checks for file paths and names
  • Include unit tests for memory protection logic

Fixes crash when Android app connects to web server due to std::bad_alloc in getFiles() function during file manifest generation.

Serial log output 
INFO | 18:50:21 476 [ServerAPI] Client wants config, nonce=11

abort() was called at PC 0x401febbf on core 1
#0 0x401febbf in __cxxabiv1::__terminate(void (*)()) at /builds/idf/crosstool-NG/.build/xtensa-esp32-elf/src/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:47

Backtrace: 0x4008414d:0x3ffd7db0 0x400976fd:0x3ffd7dd0 0x4009d531:0x3ffd7df0 0x401febbf:0x3ffd7e70 0x401fec06:0x3ffd7e90 0x401fef4b:0x3ffd7eb0 0x401feeaa:0x3ffd7ed0 0x4015a141:0x3ffd7ef0 0x40159f56:0x3ffd8050 0x401388b2:0x3ffd81b0 0x4012e5c9:0x3ffd8400 0x40139fd3:0x3ffd8420 0x4013f451:0x3ffd8440 0x40150de6:0x3ffd8460 0x4013bed9:0x3ffd8480 0x400e9545:0x3ffd84d0
#0 0x4008414d in panic_abort at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/esp_system/panic.c:408
#1 0x400976fd in esp_system_abort at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/esp_system/esp_system.c:137
#2 0x4009d531 in abort at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/newlib/abort.c:46
#3 0x401febbf in __cxxabiv1::__terminate(void ()()) at /builds/idf/crosstool-NG/.build/xtensa-esp32-elf/src/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:47
#4 0x401fec06 in std::terminate() at /builds/idf/crosstool-NG/.build/xtensa-esp32-elf/src/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:57
#5 0x401fef4b in __cxa_throw at /builds/idf/crosstool-NG/.build/xtensa-esp32-elf/src/gcc/libstdc++-v3/libsupc++/eh_throw.cc:95
#6 0x401feeaa in operator new(unsigned int) at /builds/idf/crosstool-NG/.build/xtensa-esp32-elf/src/gcc/libstdc++-v3/libsupc++/new_op.cc:54
#7 0x4015a141 in getFiles(char const, unsigned char) at ??:?
#8 0x40159f56 in getFiles(char const*, unsigned char) at ??:?
#9 0x401388b2 in PhoneAPI::handleToRadio(unsigned char const*, unsigned int) at ??:?
#10 0x4012e5c9 in StreamAPI::runOncePart() at ??:?
#11 0x40139fd3 in ServerAPI<WiFiClient>::runOnce() at :?
#12 0x4013f451 in non-virtual thunk to ServerAPI<WiFiClient>::runOnce() at :?
#13 0x40150de6 in concurrency::OSThread::run() at ??:?
#14 0x4013bed9 in loop() at ??:?
#15 0x400e9545 in loopTask(void*) at :?

ELF file SHA256: 135cc040bef33510

E (12115) esp_core_dump_flash: Core dump flash config is corrupted! CRC=0x7bd5c66f instead of 0x0
Rebooting...

🤝 Attestations

  • I have tested that my proposed changes behave as described.
  • I have tested that my proposed changes do not cause any obvious regressions on the following devices:
    • TLORA_V2_1_16

@thebentern thebentern requested a review from Copilot September 8, 2025 20:31

This comment was marked as outdated.

Sign in to view

@thebentern thebentern requested a review from Copilot September 8, 2025 22:24
Copilot AI reviewed Sep 8, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes a critical memory overflow issue in the getFiles() function that was causing Android app crashes due to std::bad_alloc exceptions during file manifest generation. The fix implements memory protection mechanisms and limits file enumeration to prevent device crashes.

Key changes:

  • Replaces recursive vector allocation with reference passing in getFiles()
  • Adds heap memory checks before file manifest generation
  • Implements a 50-file limit to prevent memory exhaustion

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
src/FSCommon.cpp Refactors getFiles() to use reference passing and adds safety checks for file paths and count limits
src/mesh/PhoneAPI.cpp Adds heap memory validation before file manifest generation to prevent crashes
test_memory_fix/test/test_memory/test_main.cpp Adds unit tests for memory protection logic and file counting limits
test_memory_fix/platformio.ini Configures test environment for memory protection unit tests

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@capricornusx
Copy link
Contributor Author

capricornusx commented Sep 11, 2025

@thebentern
Is anything else needed from me before merging?

@capricornusx
Copy link
Contributor Author

capricornusx commented Sep 19, 2025

@thebentern, please, re-run job

@jp-bennett jp-bennett added the bugfix Pull request that fixes bugs label Sep 19, 2025
@capricornusx @fifieldt
Fix memory overflow in getFiles() causing device crashes
a0b4405 
- Replace recursive vector allocation with reference passing in getFiles()
- Add heap memory check before file manifest generation in PhoneAPI
- Limit file count to 50 to prevent memory exhaustion
- Add safety checks for file paths and names
- Include unit tests for memory protection logic

Fixes crash when Android app connects to web server due to std::bad_alloc
in getFiles() function during file manifest generation.
@capricornusx @fifieldt
Replace magic number with MAX_PATH_LENGTH constant
d3d2255
@capricornusx @fifieldt
Fix type compatibility issues
9901cbb 
- Replace magic number 200 with MAX_PATH_LENGTH constant
- Fix std::min type mismatch by casting to size_t
@capricornusx @fifieldt
Add comprehensive documentation for safety measures
7575db0 
- Document memory protection mechanisms in getFilesRecursive()
- Explain file count, path length, and recursion depth limits
- Improve code maintainability with clear safety constraints
@fifieldt fifieldt force-pushed the fix-getfiles-memory-overflow branch from 96434e2 to 7575db0 Compare September 22, 2025 03:51
@capricornusx
Copy link
Contributor Author

capricornusx commented Oct 18, 2025

up

fifieldt
fifieldt reviewed Oct 31, 2025
View reviewed changes
@capricornusx capricornusx force-pushed the fix-getfiles-memory-overflow branch from 73e3c77 to e216154 Compare November 26, 2025 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fifieldt fifieldt fifieldt left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

bugfix Pull request that fixes bugs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@capricornusx @fifieldt @jp-bennett