[Bug 1574] New: Null Dereference from _Objects_Extend_information
bugzilla-daemon at rtems.org
bugzilla-daemon at rtems.org
Sat Jun 19 16:11:51 UTC 2010
https://www.rtems.org/bugzilla/show_bug.cgi?id=1574
Summary: Null Dereference from _Objects_Extend_information
Product: RTEMS
Version: 4.10
Platform: All
OS/Version: RTEMS
Status: NEW
Severity: normal
Priority: P3
Component: cpukit
AssignedTo: joel.sherrill at oarcorp.com
ReportedBy: joel.sherrill at oarcorp.com
Created an attachment (id=805)
--> (https://www.rtems.org/bugzilla/attachment.cgi?id=805)
Coverity Analysis
Coverity Id 31
This has been reported since the very first Coverity Scan runs but I couldn't
see how to duplicate this. I had an insight on the way home and added sp70
which cores dumps on exactly the spot they claimed.
Breakpoint 3, _Objects_Extend_information (information=0x201e6a4)
at
../../../../../../rtems/c/src/../../cpukit/score/src/objectextendinformation.c:230
230 information->object_blocks[ block ] = new_object_block;
(gdb) n
235 _Chain_Initialize(
(gdb) c
Continuing.
DUnexpected trap ( 7) at address 0x02005BC8
memory address not aligned
This problem occurs when you delete the "middle" unlimited objects. This
takes you down the path through lines 74-76 for finding a NULL slot.
I think there is some memory allocation that should occur in this case
as well but the memory allocation code later only is executed when we
need to "extend" the set, not fill in a gap in the middle.
I suspect that (1) some of the code in the if at 109 should be done in
this case and that (2) a bool flag "do_extend" which is set as needed
around the code at 70-80 would fix this and make it easier to read.
I have attached the Coverity Scan analysis. sp70 is already in the tree.
This impacts unlimited on previous releases as well.
--
Configure bugmail: https://www.rtems.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the bugs
mailing list