Why is the vector table maimed after a LwIP network message

Fellow developers,

A strange phenomenon is keeping me busy for a number of weeks and I need some inspiration to understand and hopefully solve

this problem:

The vector table of a STM32F207 is partially rewritten due to an unknown message is received via the LwIP stack.

The stackpointer, reset vector, NMI handler, memory manager and bus fault addresses are altered afterwhich the system

does not startup anymore (due to the corrupted reset vector).

In order to trap the circumstances when the problem occurs, I added a test in the vApplicationTickHook of FreeRTOS that checks

if the contents of the reset vector at 0x08000004 has changed. The ticker interval is 1 millisecond, and when the vector is corrupted,

the system returns to the Idle hook.

There is no possibility to set a breakpoint on writing to the reset vector since there is only an SWD debug interface,

but maybe there are other methods to locate the cause of this problem.

The problem can be reproduced within minutes, occasionally the problem is detected when the LwIP starts to obtain the DHCP lease,

but mostly it occures after some webinterface interactions like reloading a webpage.

Note that build environment is ST CUBE 1.4.1 that contains LwIP 2.0.3.

Any help or suggestions are more than welcome,

Best regards,

Ischa

This topic has been closed for replies.

Visitor II

Note that:

setting a breakpoint on all possible flash write functions did not halt the MCU.
enabling write protection on the flash sector via the option bytes still result in this problem

Visitor II

EDIT: removed remark on good and bad screenshots with the layout of the vector table, since I can not upload any files

Graduate II

Sign up