[Bug 1574] Null Dereference from _Objects_Extend_information

bugzilla-daemon at rtems.org bugzilla-daemon at rtems.org
Tue Nov 2 13:51:23 UTC 2010


https://www.rtems.org/bugzilla/show_bug.cgi?id=1574

--- Comment #2 from Joel Sherrill <joel.sherrill at oarcorp.com> 2010-11-02 08:51:21 CDT ---
(In reply to comment #1)
> I have made this PR a blocker for 4.10.
> 
> I have back ported the 'do_extend' change from 4.11 in the
> objectextendinformation.c to 4.10 plus sp70 and have the same problem on 4.10
> with the SIS BSP. I also merged in the proposed change in PR 1560 that fixes
> alignment issues on sparc64 targets.
> 
> I have tracked the problem to 'rtems_termios_enqueue_raw_characters' then up to
> the SIS console driver. Its data has changed. Setting a watch point gives:
> 
> (gdb) watch Console_Port_Data[0].termios_data
> Watchpoint 5: Console_Port_Data[0].termios_data
> (gdb) c
> 
> 
> *** TEST 70 ***
> Creating task 1 - OK
> Creating task 2 - OK
> Creating task 3 - OK
> Creating task 4 - OK
> Creating task 5 - OK
> Creating task 6 - OK
> Watchpoint 5: Console_Port_Data[0].termios_data
> 
> Old value = (void *) 0x202b870
> New value = (void *) 0xa010007
> rtems_task_create (name=1413559840, initial_priority=1, stack_size=4096,
> initial_modes=<value optimized out>,
>     attribute_set=0, id=0x20252d4)
>     at
> /Users/chris/Development/rtems/src/branch-4-10/c/src/../../cpukit/rtems/src/taskcreate.c:227

I think this means that we are treating random memory as a place
to store object information.

> I am not sure what the issue is here and I am also not sure if sp70 does show
> the problem Coverity raised. 

:(  I am wondering if the problem is that the local_table of object pointers
needs to be contiguous.  sp70 frees all objects in the middle.  If shrink
reclaims the middle of the object table, then we wouldn't be able to do object
lookups correctly for the higher index object.  

> I have noticed another issue. The allocation size is 1 and the shrink needs 1.5
> blocks free to perform a shrink so I am not sure what a block size of 1 does
> here.

That I have no idea about.
