[Bug 1746] New: _Workspace_Free() interface change crashing startup

bugzilla-daemon at rtems.org bugzilla-daemon at rtems.org
Mon Feb 28 23:59:34 UTC 2011 

https://www.rtems.org/bugzilla/show_bug.cgi?id=1746

           Summary: _Workspace_Free() interface change crashing startup
           Product: RTEMS
           Version: HEAD
          Platform: All
        OS/Version: RTEMS
            Status: NEW
          Severity: critical
          Priority: P3
         Component: cpukit
        AssignedTo: joel.sherrill at oarcorp.com
        ReportedBy: dufault at hda.com


The _Workspace_Free() documentation says:
"If block is equal to NULL, then the request is ignored. This allows the caller
to not worry about whether or not a pointer is NULL"
and there are places in the code that assume that.

Here's a stack trace and discussion for a crash during
_API_Mutex_Initialization():

#0  _Objects_Extend_information (information=0x210373a8)
   at
../../../../../../rtems-head/c/src/../../cpukit/score/src/objectextendinformation.c:209
#1  0x00081cf0 in _Objects_Initialize_information (information=0x210373a8, 
   the_api=OBJECTS_INTERNAL_API, the_class=0x2, maximum=0x1, size=0x74, 
   is_string=0x0, maximum_name_length=0x0)
   at
../../../../../../rtems-head/c/src/../../cpukit/score/src/objectinitializeinformation.c:156
#2  0x0007cbd8 in _API_Mutex_Initialization (maximum_mutexes=0x1)
   at ../../../../../../rtems-head/c/src/../../cpukit/score/src/apimutex.c:23
#3  0x0007b76c in rtems_initialize_data_structures ()
   at ../../../../../../rtems-head/c/src/../../cpukit/sapi/src/exinit.c:125
#4  0x00026724 in boot_card (cmdline=0x0)
   at
../../../../../../../../rtems-head/c/src/lib/libbsp/powerpc/mpc55xxevb/../../shared/bootcard.c:163
#5  0x00000134 in start ()
   at
../../../../../../../../rtems-head/c/src/lib/libbsp/powerpc/mpc55xxevb/startup/start.S:219
(gdb) 
-- "information" is a pointer to _API_Mutex_Information,
-- and its object_blocks member was set to 0 in
_Objects_Initialize_information()
(gdb) print _API_Mutex_Information.object_blocks
$4 = (void **) 0x0
(gdb) 
-- but _Objects_Extend_information() is saving that away:
209        old_tables = information->object_blocks;
(gdb) next
211        information->object_blocks = object_blocks;
(gdb) print old_tables
$5 = (void *) 0x0
(gdb) 
-- And if we continue a bit it's going to unconditionally call
_Workspace_Free()
Breakpoint 5, _Objects_Extend_information (information=0x210373a8)
   at
../../../../../../rtems-head/c/src/../../cpukit/score/src/objectextendinformation.c:224
224        _Workspace_Free( old_tables );
(gdb)

-- 
Configure bugmail: https://www.rtems.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the bugs mailing list