Returning C-array serious flaw

[ghost]

The function isotp_continue_receive returns a copy of the structure IsoTpMessage.
But this one also embeds a C-array (payload) that has been allocated within the function, so, on the stack.

Due to this, once the function returns, the C-array points to some freed stack memory, and then may present corrupted data.

I got the issue running ARM based chipset: using the callback is safe, but the returned message contains garbage data.

I 've no idea of how to solve this without changing the API.

[peplin]

Great catch, thanks! I think an API change is OK, e.g. pass in a pre-allocated IsoTpMessage object by reference to isotp_continue_receive.

[ghost]

The C standard is not that clear about how complete C-arrays within a struct have to be handled and returned while they were allocated on the stack. The way I understand the C99-standard, it should work. - But I know that some releases of GCC return structs in different ways ( register vs memory) regarding of their size . -

Anyway, IMO, it makes more sense to pass an array allocated on the heap, by the caller.
For two main reasons:

• be able to allocate the 4096bytes which are required by the isotp standard. Such a bulk of bytes under a stack frame may be an issue for small embedded systems.
• Do not allocate and free the IsoTpMessage struct each time the caller enters this function. this sounds useless and incurs some cost.