Async Labs wifi shield - buffer overflow

I have a simple little sketch that samples temperature and humidity every few minutes and sends the data to a web server via wifi, using an Async Labs shield. It runs for a while happily transmitting, sometimes for several days, but it will eventually crash hard and need a manual reset.

I have long suspected that there was a problem in the shield library and today I found it. In g2100.c I found this snippet:

		case ZG_INTR_ST_RD_CTRL_REG:
		{
			U16 rx_byte_cnt = (0x0000 | (hdr[1] << 8) | hdr[2]) & 0x0fff;
			zg_buf[0] = ZG_CMD_RD_FIFO;
			spi_transfer(zg_buf, rx_byte_cnt + 1, 1);

			hdr[0] = ZG_CMD_RD_FIFO_DONE;
			spi_transfer(hdr, 1, 1);

			intr_valid = 1;
			intr_state = 0;
			break;
		}

zg_buf's size is 400 bytes. Verizon kindly broadcast packets to me that are over 600 and so when one arrives, there is going to be a massive buffer overflow. I'm a little surprised that it runs as long as it did. I note that this problem has been observed before, but didn't find this out until I had found this and then knew to search for ZG_INTR_ST_RD_CTRL_REG. I don't see any solution though.

Before I dig into the details of talking to the ZG2100 over SPI to try and repair this, does anyone know of an existing fix?

Hey there - was driving me nuts - here is a link on it - http://asynclabs.com/forums/viewtopic.php?f=23&t=432&p=2980&hilit=rx_byte_cnt

This is what I have that fixed it for me - as far as I can tell at this point. It fixed 2 different problems related to this overflow.

		case ZG_INTR_ST_RD_CTRL_REG:
		{
			U16 rx_byte_cnt = (0x0000 | (hdr[1] << 8) | hdr[2]) & 0x0fff;

			//Jep This section was modified to prevent network
			//packets from resetting the board every 2 minutes
			if (rx_byte_cnt < (U16)UIP_BUFSIZE) {
				zg_buf[0] = ZG_CMD_RD_FIFO;
				// Copy ZG2100 buffer contents into zg_buf (uip_buf)
				spi_transfer(zg_buf, rx_byte_cnt + 1, 1);

				//jep – out, moved to below:
				// hdr[0] = ZG_CMD_RD_FIFO_DONE;
				// spi_transfer(hdr, 1, 1);

				// interrupt from zg2100 was meaningful and requires further processing
				intr_valid = 1;
			}
			else {
				//incoming data too big ignore it and continue
				intr_state = 0;
			}

			// Tell ZG2100 we're done reading from its buffer
			hdr[0] = ZG_CMD_RD_FIFO_DONE;
			spi_transfer(hdr, 1, 1);

			// Done reading interrupt from ZG2100
			intr_state = 0;

			break;
		}
	}
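The length check discussed in the posts above, as a stand-alone added example (not code from either poster or from the Async Labs library). It assumes the 400-byte buffer size from the first post; `handle_rx`, `fake_fifo_read` and the guard bytes are hypothetical names constructed so the check can be run on a PC without the shield.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 400   /* zg_buf size as stated in the first post */
#define GUARD    0xA5  /* canary value, constructed for this demo */

/* Receive buffer followed by guard bytes so any overrun is detectable. */
static struct { uint8_t buf[BUF_SIZE]; uint8_t guard[8]; } rx;

/* Hypothetical stand-in for the SPI FIFO read: writes len bytes to dst. */
static void fake_fifo_read(uint8_t *dst, uint16_t len) { memset(dst, 0x11, len); }

/* Same extraction as the driver: 12-bit count taken from hdr[1] and hdr[2]. */
static uint16_t rx_len(const uint8_t hdr[3]) {
    return (uint16_t)(((hdr[1] << 8) | hdr[2]) & 0x0fff);
}

void reset_guard(void) { memset(rx.guard, GUARD, sizeof rx.guard); }

int guard_intact(void) {
    for (size_t i = 0; i < sizeof rx.guard; i++)
        if (rx.guard[i] != GUARD) return 0;
    return 1;
}

/* Returns the payload length accepted, or 0 if the frame was dropped. */
uint16_t handle_rx(const uint8_t hdr[3]) {
    uint16_t n = rx_len(hdr);
    /* The read writes n + 1 bytes (command byte plus payload), so that
       total is what has to fit in the buffer. */
    if ((uint32_t)n + 1 > sizeof rx.buf)
        return 0;      /* oversized: skip the read, caller still ends the FIFO read */
    fake_fifo_read(rx.buf, (uint16_t)(n + 1));
    return n;
}

int main(void) {
    /* Constructed headers: a 399-byte frame and a 600-byte broadcast. */
    const uint8_t ok[3]  = {0x00, 0x01, 0x8F};
    const uint8_t big[3] = {0x00, 0x02, 0x58};
    reset_guard();
    printf("399-byte frame accepted: %u\n", (unsigned)handle_rx(ok));
    printf("600-byte frame accepted: %u\n", (unsigned)handle_rx(big));
    printf("guard intact: %d\n", guard_intact());
    return 0;
}
```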

U16 rx_byte_cnt = (0x0000 | (hdr[1] << 8)| hdr[2]) & 0x0fff;
Well, there's your problem. The Arduino IDE has no idea how far to shift the data...