Not executed variable overflowed

This might be a very stupid question, but i spent a lot of time and still couldn't spot the mistake. I'm using an ESP-32 chip, and here is part of the code:

void reader(void *pvParameters) {
  uint16_t read_sum[1024];
  size_t read_sum_sz = sizeof(read_sum);
  uint16_t count = 0;
  uint8_t * read_sum_pt = (uint8_t *)&read_sum;
  //String for_send;
  // The 4 high bits are the channel, and the data is inverted
  uint16_t offset = (int)ADC_INPUT * 0x1000 + 0xFFF;
  size_t bytes_read;
  while (1) {
    uint16_t buffer[2] = {0};
    i2s_read(I2S_NUM_0, &buffer, sizeof(buffer), &bytes_read, 15);
    //Serial.printf("%d  %d  %d\n", offset - buffer[0], offset - buffer[1],offset - buffer[2]);
    if ((bytes_read == sizeof(buffer)) && (is_client == 1)) {
      read_sum[count] = offset - buffer[0];
      if (count >= 1023) {
        webSocket.sendBIN(0, read_sum_pt, read_sum_sz);
        count = 0;
      }
      count++;
      //for_send = int64String(read_sum);
      //webSocket.sendTXT(0, for_send);
    } else {
      Serial.println("buffer empty");
    }
  }
}

it continuously generates these error:

rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0018,len:4
load:0x3fff001c,len:928
ho 0 tail 12 room 4
load:0x40078000,len:8424
ho 0 tail 12 room 4
load:0x40080400,len:5868
entry 0x4008069c
0
abort() was called at PC 0x400861dd on core 1

Backtrace: 0x4008c948:0x3ffbe370 0x4008cb79:0x3ffbe390 0x400861dd:0x3ffbe3b0 0x40086309:0x3ffbe3e0 0x400e9dbf:0x3ffbe400 0x400e5c39:0x3ffbe6c0 0x400de3a4:0x3ffbe710 0x4008a019:0x3ffbe740 0x40089795:0x3ffbe770 0x400814ea:0x3ffbe790 0x400818f1:0x3ffbe7c0 0x4000bfed:0x3ffb1c20 0x4008a16d:0x3ffb1c30 0x4008a2f3:0x3ffb1c50 0x4008a376:0x3ffb1c70 0x400d58d7:0x3ffb1cb0 0x400d28dd:0x3ffb1ce0 0x400d2d04:0x3ffb1d10 0x400d2e25:0x3ffb1e10 0x400d2f03:0x3ffb1e30 0x400d1e91:0x3ffb1f60 0x400d6287:0x3ffb1fb0 0x400888e5:0x3ffb1fd0

Rebooting...
ets Jun  8 2016 00:22:57

The problem is related to the count variable, if i comment count++; out or add a line of count=0; right after it, there is no error. Looks like some kind of overflow problem, but by default this condition if ((bytes_read == sizeof(buffer)) && (is_client == 1)) is false, the count++ shouldn't even be executing. I tried to replace count++ by a print function, it doesn't execute.

Here are a few extra info might be relevant:

  1. The reason I noticed this is because the if code was a little different before, and that version generates an error of overflow in this function. That version is overwritten, now I cannot regenerate that error.
  2. I use xTaskCreatePinnedToCore to run this funcion on core0, it's a little weird the abort() is called by core1, where the main loop and the rest of the program runs on.

Am I making some fundamental mistakes here or this goes deep into the SoC's part?

It's not clear if you are using 'sizeof(array)' as the number of elements in an array. The 'sizeof' operator returns the number of bytes so, for your 'uint16_t' arrays, returns twice the number of elements.

If you want the number of elements in an array x, use

sizeof(x)/sizeof(x[0])

Thank you for your replies, I understand your suggestions, but that is not the case, webSocket.sendBIN(0, read_sum_pt, read_sum_sz); takes the start address of the array for sending as the 2nd argument and the length of the that array in memory as the 3rd argument, the sizeof(x) instead of sizeof(x)/sizeof(x[0]) is intentional.

I tested your theory anyway, in a simple few lines code of webSocket.sendBIN with sending a 5 elements uint16_t array, only half of the array will be sent. And if it's tested in the full function, there is the following error:

Guru Meditation Error: Core  0 panic'ed (Unhandled debug exception)
Debug exception reason: Stack canary watchpoint triggered (ADC_reader) 
Core 0 register dump:
PC      : 0x40010010  PS      : 0x00060036  A0      : 0x800d1da6  A1      : 0x3ffb8680  
A2      : 0x3ffb86a0  A3      : 0x00000000  A4      : 0x00000800  A5      : 0x3ffb8760  
A6      : 0x00000003  A7      : 0x00000080  A8      : 0x00000005  A9      : 0x00000020  
A10     : 0x00000020  A11     : 0x3ffbc1fc  A12     : 0x80084e0d  A13     : 0x3ffbc5a0  
A14     : 0x3ffb9a20  A15     : 0x3ffbc194  SAR     : 0x00000000  EXCCAUSE: 0x00000001  
EXCVADDR: 0x00000000  LBEG    : 0x4000c46c  LEND    : 0x4000c477  LCOUNT  : 0x00000073  

Backtrace: 0x40010010:0x3ffb8680 0x400d1da3:0x3ffb8690 0x400888e5:0x3ffb8ec0

Rebooting...
ets Jun  8 2016 00:22:57

I found this post esp32 - Why do I get the Debug exception reason: Stack canary watchpoint triggered (main)? - Stack Overflow, it also suggests some stack overflow. I will try to increase the stack depth as suggested in the post later today.

Another weird thing I noticed is that if I comment out webSocket.sendBIN in the function, the error is also gone. I start to feel that this might be a lower level issue...

Update: it's confirmed to be a stack overflow problem, I selected a larger stack depth for xTaskCreatePinnedToCore, and problem is solved.