Library error - dwt_uwb_driver 6.0.7 - Corrupting memory with dwt_getframelength()

Hello,

We are trying to evaluate the DW3000 family, but some things did not work as expected. After some debugging I found that the library v6.0.7 is corrupting my stack. After some digging I found that uint16_t dwt_getframelength(void) is declaring a uint16_t variable on the stack and then is calling dwt_ioctrl() with a pointer to that variable. Sadly the result from ull_getframelength() is then stored with a word-wide store command to that address, which invalidates the 2 bytes in front of that on the stack.

Since that is actually a saved state from the R4 register, which is stored on the stack in the function call of dwt_getframelength() itself, it is not possible to reserve some area on the stack before calling the library.

The screenshot shows the function call to ull_getframelength, the following store is where the data on the stack is corrupted.

If anyone could confirm this I would be very happy; I can’t believe there is such a bug in such a common function.

TLDR: CPU Register R4 is corrupted after calling dwt_getframelength. Please fix or help :)

I would guess the fix is easy, using uint32_t frame_length; instead of uint16_t in dwt_getframelength(), but since the source code is not public I cannot tell for sure or validate it. (HINT!).
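The width mismatch described in the post above, as an added example that is not part of the original post and is not code from the Qorvo library: a callee that only receives a `void *` performs a 4-byte store into a slot the caller sized for a `uint16_t`, and a canary check counts the neighbouring bytes that get overwritten. The names `store_word`, `store_half` and `guard_bytes_clobbered` are hypothetical, and the byte array stands in for the stack frame so the overrun stays inside one object.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE  2u     /* sizeof(uint16_t): what the caller reserved */
#define GUARD_SIZE 2u     /* neighbouring bytes, e.g. part of a saved register */
#define CANARY     0xA5u  /* fill pattern used to spot overwritten bytes */

typedef void (*store_fn)(void *out, uint32_t value);

/* Hypothetical backend that stores its result word wide (4 bytes). */
static void store_word(void *out, uint32_t value)
{
    memcpy(out, &value, sizeof value);
}

/* Hypothetical backend that stores only the 2 bytes the caller reserved. */
static void store_half(void *out, uint32_t value)
{
    uint16_t v = (uint16_t)value;
    memcpy(out, &v, sizeof v);
}

/* Returns how many guard bytes behind the 2-byte slot were overwritten.
 * A guard byte that happens to be rewritten with the canary value itself
 * would be missed, so use result values whose upper half is not 0xA5A5. */
static unsigned guard_bytes_clobbered(store_fn store, uint32_t value)
{
    uint8_t frame[SLOT_SIZE + GUARD_SIZE];
    unsigned i, hit = 0;

    memset(frame, CANARY, sizeof frame);
    store(frame, value);              /* callee sees only a void pointer */
    for (i = SLOT_SIZE; i < sizeof frame; i++)
        if (frame[i] != CANARY)
            hit++;
    return hit;
}

int main(void)
{
    /* 127 is a constructed sample frame length. */
    printf("word store: %u guard bytes clobbered\n",
           guard_bytes_clobbered(store_word, 127));
    printf("half store: %u guard bytes clobbered\n",
           guard_bytes_clobbered(store_half, 127));
    return 0;
}
```
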

Looks like the same bug @carl reported here:

I agree that these kinds of bugs show the poor quality of the binary-only library. Qorvo should either properly maintain the library or make it open source again!
