[Bug 2035] psxcancel reveals NULL pointer access in _Thread_queue_Extract()
bugzilla-daemon at rtems.org
Thu Dec 6 09:13:15 UTC 2012
https://www.rtems.org/bugzilla/show_bug.cgi?id=2035
--- Comment #3 from Sebastian Huber <sebastian.huber at embedded-brains.de> 2012-12-06 03:13:15 CST ---
This is definitely a bug in pthread_exit(). Here we have:
[...]
  /*
   *  Process join
   */
  if ( api->detachstate == PTHREAD_CREATE_JOINABLE ) {
    unblocked = _Thread_queue_Dequeue( &api->Join_List );
    if ( unblocked ) {
      do {
        *(void **)unblocked->Wait.return_argument = value_ptr;
      } while ( (unblocked = _Thread_queue_Dequeue( &api->Join_List )) );
    } else {
      _Thread_Set_state(
        the_thread,
        STATES_WAITING_FOR_JOIN_AT_EXIT | STATES_TRANSIENT
      );
      /*
       * <-- This sets the thread into a waiting state, but this seems to
       * have no effect.
       */
      _RTEMS_Unlock_allocator();
      _Thread_Enable_dispatch();
      /* now waiting for thread to arrive */
      _RTEMS_Lock_allocator();
      _Thread_Disable_dispatch();
    }
  }
  /*
   *  Now shut down the thread
   */
  _Thread_Close( the_information, the_thread );
  /*
   * <-- This function thinks that the thread is in a waiting state and tries
   * to remove it from the wait queue which is NULL. The thread state is
   * inconsistent: it indicates that it is waiting on a queue, but the queue
   * does not exist.
   */
[...]
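The inconsistency described in the comment above, as an added example that is not part of the original bug report or the RTEMS source: a simplified C model in which a state bit says the thread is blocked on a queue while its queue pointer is still NULL, with a close-path extract that checks the invariant instead of dereferencing. All `model_*` names and state values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model; names and values are hypothetical, not RTEMS identifiers. */
#define MODEL_STATE_READY          0x0u
#define MODEL_STATE_TRANSIENT      0x1u
#define MODEL_STATE_WAIT_JOIN_EXIT 0x2u /* treated as "blocked on a queue" */
#define MODEL_STATES_ON_QUEUE      MODEL_STATE_WAIT_JOIN_EXIT

struct model_queue  { int waiters; };
struct model_thread { unsigned state; struct model_queue *wait_queue; };

enum model_result { MODEL_NOT_WAITING, MODEL_EXTRACTED, MODEL_INCONSISTENT };

/* Proper blocking: the state bit and the queue pointer are set together. */
void model_enqueue(struct model_thread *t, struct model_queue *q, unsigned st) {
  t->wait_queue = q;
  t->state |= st;
  q->waiters++;
}

/* The pattern from the comment: only the state bits change, no queue is set. */
void model_set_state_only(struct model_thread *t, unsigned st) {
  t->state |= st;
}

/* Invariant: "blocked on a queue" state <=> non-NULL queue pointer. */
bool model_state_consistent(const struct model_thread *t) {
  bool on_queue = (t->state & MODEL_STATES_ON_QUEUE) != 0;
  return on_queue == (t->wait_queue != NULL);
}

/* Close-path extract that reports the broken invariant instead of crashing. */
enum model_result model_extract_on_close(struct model_thread *t) {
  if ((t->state & MODEL_STATES_ON_QUEUE) == 0)
    return MODEL_NOT_WAITING;
  if (t->wait_queue == NULL)
    return MODEL_INCONSISTENT; /* an unchecked extract dereferences NULL here */
  t->wait_queue->waiters--;
  t->wait_queue = NULL;
  t->state &= ~MODEL_STATES_ON_QUEUE;
  return MODEL_EXTRACTED;
}

int main(void) {
  struct model_thread t = { MODEL_STATE_READY, NULL };
  model_set_state_only(&t, MODEL_STATE_WAIT_JOIN_EXIT | MODEL_STATE_TRANSIENT);
  return model_extract_on_close(&t) == MODEL_INCONSISTENT ? 0 : 1;
}
```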