Mbed forum

HardFault on STM32F103

(Christoph Rüdiger) #1

Hi!

I’m hunting a strange bug since a few days. I’m running into a Hard Fault with the CPU flags declaring an imprecise bus fault. Strangely enough, the CPU hits this bug only in the memset call in mbedtls_x509_crt_verify_with_profile, in detail in the STR.B assembler call within the memset implementation. And even more strange, this happens only with a four-byte access to that memory location. In a hand-written loop (instead of said memset call) with one-byte access to the array to clear, everything works fine. But the hand-written loop crashes also with four-byte access to the address.

Why am I writing this in this forum? Because it happens only in that particular mbedTLS function. I can access the same memory addresses from everywhere else in the code, but it blows up reliably in said location. Tested with ARMCC and armgcc compilers. It’s invariant against address changes, the address is very well within the physically available SRAM, and it’s invariant against any timing (all peripheral units [timers, CAN, USART, etc] turned off, no interrupts there).

Has anyone seen the same or a similar behavior for this platform (Cortex-M3)? I’m really out of ideas here.

Regards,
Christoph

(Christoph Rüdiger) #2

Sorry for spamming around here. At the end, it turned out to be a null-pointer deref, which got signalled by the MCU at the next store (sic!). So, just a heads up for everyone: your CPU might hit you late. Lesson learned for me.

In detail: I didn’t pass any flags to mbedtls_x509_crt_verify because I’m not interested in the cause of the verification failure. Turns out that this flags variable is required, because the function writes on the flags pointer unconditionally. Maybe a bug, maybe a must and the documentation should mention that it’s required.

(Ron Eldor) #3

Thank you for reporting this issue.
I have raised an issue on your behalf in our github repository