Write service: writing an empty array leads the server to crash
Description
Writing an empty array of any type to the Value attribute of a Variable causes the server to crash with a segfault signal.
Analysis
SOPC_DataValue_Copy -> SOPC_Variant_Copy fails in the empty array case. This leads to evaluating a degraded-case branch of the function write_value_pointer_bs__copy_write_value_pointer_content, which calls OpcUa_WriteValue_Clear on the address of the writeValue pointer instead of on the writeValue pointer itself. This finally causes a memory issue and the segfault signal.
Fix
- Fix the SOPC_Variant_Copy function to allow the copy of an empty array
- Fix write_value_pointer_bs__copy_write_value_pointer_content to call OpcUa_WriteValue_Clear on the writeValue pointer instead of the writeValue pointer address
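
The two fixes above, sketched as an added example that is not the project's own code: a copy routine that accepts a zero-length array, and an error path that clears the pointer rather than its address. All toy_* names and types are hypothetical stand-ins, and the clear function is assumed to take void*, which is why a compiler would accept either argument.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the S2OPC types. */
typedef struct { int32_t length; int32_t *items; } toy_array;
typedef struct { uint32_t attribute_id; toy_array value; } toy_write_value;

/* Assumed to take void*, so the compiler accepts a T* and a T** alike. */
static void toy_write_value_clear(void *p) {
    toy_write_value *wv = p;
    free(wv->value.items);
    memset(wv, 0, sizeof *wv);
}

/* Returns 0 on success, -1 on failure. A length of 0 is a valid array. */
static int toy_array_copy(toy_array *dst, const toy_array *src) {
    if (src->length < 0 || (src->length > 0 && src->items == NULL)) return -1;
    dst->length = src->length;
    dst->items = NULL;
    if (src->length == 0) return 0; /* empty array: nothing to allocate */
    size_t bytes = (size_t) src->length * sizeof *dst->items;
    dst->items = malloc(bytes);
    if (dst->items == NULL) { dst->length = 0; return -1; }
    memcpy(dst->items, src->items, bytes);
    return 0;
}

/* Returns a heap-allocated copy, or NULL if the copy failed. */
toy_write_value *toy_write_value_copy(const toy_write_value *src) {
    toy_write_value *wv = calloc(1, sizeof *wv);
    if (wv == NULL) return NULL;
    wv->attribute_id = src->attribute_id;
    if (toy_array_copy(&wv->value, &src->value) != 0) {
        /* Defect from the analysis: toy_write_value_clear(&wv) would treat
           the local pointer variable as a struct and write past it. */
        toy_write_value_clear(wv); /* correct: the pointer, not its address */
        free(wv);
        return NULL;
    }
    return wv;
}

int main(void) {
    toy_write_value empty = { 13, { 0, NULL } }; /* constructed sample input */
    toy_write_value *copy = toy_write_value_copy(&empty);
    int ok = (copy != NULL && copy->value.length == 0);
    if (copy != NULL) { toy_write_value_clear(copy); free(copy); }
    return ok ? 0 : 1;
}
```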