MAVSDK core dump on zero length mission

I strongly suspect there’s a bug in mission_raw_server_impl.cpp, probably here:

    void MissionRawServerImpl::set_current_seq(std::size_t seq)
    {
        if (_current_mission.size() < static_cast<size_t>(seq)) {
            return;
        }

        _current_seq = seq;

        // If mission is over, just set item to last one again
        auto item = seq == _current_mission.size() ? _current_mission.back() :
                                                     _current_mission.at(_current_seq);
        auto converted_item = convert_item(item);
        _parent->call_user_callback([this, converted_item]() {
            if (_current_item_changed_callback) {
                _current_item_changed_callback(converted_item);
            }
        });

        mavlink_message_t mission_current;
        mavlink_msg_mission_current_pack(
            _parent->get_own_system_id(),
            _parent->get_own_component_id(),
            &mission_current,
            static_cast<uint16_t>(_current_seq));
        _parent->send_message(mission_current);
    }

If the mission is empty, the if statement at the top:

    if (_current_seq + 1 > _current_mission.size()) {
        return;
    }

lets execution reach the line:

    auto item = seq == _current_mission.size() ? _current_mission.back() :
                                                 _current_mission.at(_current_seq);

Probably calling .back() on an empty mission causes a core dump.

BTW, the problem is triggered by a, probably faulty, empty mission upload, but it seems to be acceptable behaviour for QGroundControl.

Corresponding GitHub issue: Uploading empty mission on mission_raw_server lead to core dump · Issue #1962 · mavlink/MAVSDK · GitHub

I added an empty() check to the if guard at the top of the set_current_seq function. Tried it with a simple test and it seems to work. I submitted it as a pull request.

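The guard discussed in this thread, isolated as an added example (not the MAVSDK source and not the submitted pull request): it decides which item becomes current and refuses both an empty mission and an out-of-range seq before back() or indexing can run. `MissionItem`, `make_mission` and `select_current_item` are hypothetical names, and the missions are constructed sample input.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for the server's stored mission item type.
struct MissionItem {
    std::uint16_t seq;
};

// Builds a constructed sample mission with n items numbered 0..n-1.
std::vector<MissionItem> make_mission(std::size_t n)
{
    std::vector<MissionItem> mission;
    for (std::size_t i = 0; i < n; ++i) {
        MissionItem item;
        item.seq = static_cast<std::uint16_t>(i);
        mission.push_back(item);
    }
    return mission;
}

// Returns the item that should become current for the requested seq,
// or nullptr when the request must be ignored.
const MissionItem* select_current_item(const std::vector<MissionItem>& mission, std::size_t seq)
{
    // An empty mission has no item to report; back() on it is undefined behaviour.
    if (mission.empty()) {
        return nullptr;
    }
    // Anything past "one beyond the last item" is out of range.
    if (seq > mission.size()) {
        return nullptr;
    }
    // seq == size() means the mission is over: report the last item again.
    return seq == mission.size() ? &mission.back() : &mission[seq];
}

int main()
{
    const std::vector<MissionItem> empty_upload = make_mission(0);
    const std::vector<MissionItem> three_items = make_mission(3);
    std::printf("empty, seq 0 -> %s\n", select_current_item(empty_upload, 0) ? "item" : "ignored");
    std::printf("3 items, seq 3 -> item %u\n",
                static_cast<unsigned>(select_current_item(three_items, 3)->seq));
    std::printf("3 items, seq 4 -> %s\n", select_current_item(three_items, 4) ? "item" : "ignored");
    return 0;
}
```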