Guard realtime accounting against corrupt NaN/Inf values (#1216) #1218
Open
gskjold wants to merge 1 commit into
The EnergyAccountingRealtimeData struct lives in non-initialized RAM on ESP32 (__NOINIT_ATTR) so it survives a reboot. It was validated only by a single magic byte, which is not enough to distinguish valid data from garbage left by a previous firmware: a struct-layout change across an upgrade can shift fields while byte 0 still happens to equal 0x6A. The stale float fields were then served verbatim, producing invalid JSON in data.json such as "i": -nan and absurd cost values (issue #1216), which breaks the dashboard.

Two layers of defense:

- Add a CRC16 over the struct contents; reinitialize when either the magic byte or the CRC mismatches. The CRC is refreshed after every update().
- Sanitize the realtime getters so NaN/Inf can never leak into JSON/MQTT output, mirroring the existing isnan guard in getUseLastMonth().

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🔧 PR Build Artifacts

All environments built successfully.
Problem

Issue #1216: after a firmware upgrade, data.json returned invalid JSON like "i": -nan and absurd cost values (e.g. 9.5e25) under ea.h, breaking the dashboard.

Root cause

EnergyAccountingRealtimeData lives in non-initialized RAM on ESP32 (__NOINIT_ATTR in AmsToMqttBridge.cpp) so realtime accounting survives a reboot. It was validated only by a single magic byte (0x6A). That is not enough to distinguish valid data from garbage left by a previous firmware: a struct-layout change across an upgrade can shift fields while byte 0 still happens to equal 0x6A, so stale bytes get reinterpreted as floats (yielding NaN / huge values). Those floats were then served verbatim via %.2f, and the toolchain prints NaN as -nan — invalid JSON.

This matches the report: a C3 board reflashed across versions during development, while another device upgraded cleanly.

Fix

Two complementary layers:

- crc16 over the struct contents (reusing src/decoder/.../crc.h). The struct is reinitialized when either the magic byte or the CRC mismatches, so stale RAM from an incompatible build is discarded. The CRC is refreshed at the end of every update().
- 0, so corrupt floats can never leak into JSON/MQTT output. Mirrors the existing std::isnan guard in getUseLastMonth().

Verification

- pio run -e esp32c3dev — SUCCESS (reported device)
- pio run -e esp8266dev — SUCCESS (non-NOINIT path)

🤖 Generated with Claude Code
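The two layers described above, as an added sketch that is not the PR's code: a retained struct is accepted at boot only when both the magic byte and a CRC16 over its body match, and getters map non-finite floats to 0. The struct layout, all function names, the CRC-16/CCITT-FALSE parameters and the choice of 0 as the fallback value are assumptions made for illustration; only the magic value 0x6A comes from the page.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical stand-in for the retained struct; field names are assumptions.
struct RealtimeData {
    uint8_t  magic;        // byte 0, 0x6A as in the PR
    uint8_t  reserved[3];  // explicit padding so every CRC'd byte is defined
    float    use, cost;
    uint16_t crc;          // CRC16 over all bytes before this field
};
constexpr uint8_t MAGIC = 0x6A;

// Bitwise CRC-16/CCITT-FALSE; the project's crc16 may use other parameters.
uint16_t crc16(const uint8_t* p, size_t n) {
    uint16_t crc = 0xFFFF;
    while (n--) {
        crc ^= static_cast<uint16_t>(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = static_cast<uint16_t>((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

uint16_t bodyCrc(const RealtimeData& d) {
    return crc16(reinterpret_cast<const uint8_t*>(&d), offsetof(RealtimeData, crc));
}

void reset(RealtimeData& d) {
    std::memset(&d, 0, sizeof d);
    d.magic = MAGIC;
    d.crc = bodyCrc(d);
}

// Boot-time check: keep retained data only if magic AND CRC both match.
bool loadOrReset(RealtimeData& d) {
    if (d.magic == MAGIC && d.crc == bodyCrc(d)) return true;
    reset(d);
    return false;
}

void update(RealtimeData& d, float use, float cost) {
    d.use = use; d.cost = cost;
    d.crc = bodyCrc(d);  // refresh after every update
}

// Second layer: a non-finite value never reaches the serializer.
float sane(float v) { return std::isfinite(v) ? v : 0.0f; }
float getUse(const RealtimeData& d)  { return sane(d.use); }
float getCost(const RealtimeData& d) { return sane(d.cost); }
```

The getter guard still matters when the CRC is valid, because a NaN written through update() is checksummed like any other value.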