Corrected bug in all confirmed handlers: if a segmented message was received, the handler tried to decode it instead of immediately sending an abort. This caused lockup with WriteProperty.

bacnet-stack/demo/handler/h_awf.c

@@ -87,12 +87,21 @@ void handler_atomic_write_file(uint8_t * service_request,
 #if PRINT_ENABLED
     fprintf(stderr, "Received AtomicWriteFile Request!\n");
 #endif
-    len = awf_decode_service_request(service_request, service_len, &data);
     /* encode the NPDU portion of the packet */
     datalink_get_my_address(&my_address);
     npdu_encode_npdu_data(&npdu_data, false, MESSAGE_PRIORITY_NORMAL);
     pdu_len = npdu_encode_pdu(&Handler_Transmit_Buffer[0], src,
         &my_address, &npdu_data);
+    if (service_data->segmented_message) {
+        len = abort_encode_apdu(&Handler_Transmit_Buffer[pdu_len],
+            service_data->invoke_id,
+            ABORT_REASON_SEGMENTATION_NOT_SUPPORTED, true);
+#if PRINT_ENABLED
+        fprintf(stderr, "Segmented Message. Sending Abort!\n");
+#endif
+        goto AWF_ABORT;
+    }
+    len = awf_decode_service_request(service_request, service_len, &data);
     /* bad decoding - send an abort */
     if (len < 0) {
         len = abort_encode_apdu(&Handler_Transmit_Buffer[pdu_len],
@@ -100,14 +109,9 @@ void handler_atomic_write_file(uint8_t * service_request,
 #if PRINT_ENABLED
         fprintf(stderr, "Bad Encoding. Sending Abort!\n");
 #endif
-    } else if (service_data->segmented_message) {
-        len = abort_encode_apdu(&Handler_Transmit_Buffer[pdu_len],
-            service_data->invoke_id,
-            ABORT_REASON_SEGMENTATION_NOT_SUPPORTED, true);
-#if PRINT_ENABLED
-        fprintf(stderr, "Segmented Message. Sending Abort!\n");
-#endif
-    } else if (data.object_type == OBJECT_FILE) {
+        goto AWF_ABORT;
+    } 
+    if (data.object_type == OBJECT_FILE) {
         if (!bacfile_valid_instance(data.object_instance)) {
             error = true;
         } else if (data.access == FILE_STREAM_ACCESS) {
@@ -144,6 +148,7 @@ void handler_atomic_write_file(uint8_t * service_request,
             service_data->invoke_id,
             SERVICE_CONFIRMED_ATOMIC_READ_FILE, error_class, error_code);
     }
+AWF_ABORT:
     pdu_len += len;
     bytes_sent = datalink_send_pdu(src, &npdu_data,
         &Handler_Transmit_Buffer[0], pdu_len);