Possible error in rtems_message_queue_send.

Joel Sherrill joel.sherrill at OARcorp.com
Wed May 20 22:36:54 UTC 2009


Wendell Pereira da Silva wrote:
>
> Hi Joel,
>
>  
>
> After a lot of time in test effort of an application (based on RTEMS 
> 4.8.0), I’ve found a strange behavior in rtems_message_queue_send().
>
> The context is illustrated as follows:
>
>  
>
> lenStatus = rtems_message_queue_send(mqID, &Msg, sizeof(Msg));
> if (lenStatus != RTEMS_SUCCESSFUL)
> {
>     errorRecovery(…);
> }
>
>  
>
> This code works fine if mqID identifies a valid message queue object 
> with enough space. But a bug in my application turned mqID into a valid 
> TASK id. So, it was expected that the errorRecovery() function should 
> be called but, surprisingly, rtems_message_queue_send() returned 
> RTEMS_SUCCESSFUL (!).
>
>  
>
> Digging into the RTEMS source from rtems_message_queue_send(), I 
> figured out that only the index part of the object id (the least 
> significant 16 bits) is used to find the object’s entry in the 
> information->local_table (objectget.c). So, what happened was simply a 
> coincidence: an index of a Task Object fit to index a Queue Object.
>
>  
>
> What is the right way to fix this?
>

Which RTEMS version?  This code is heavily optimized and may have been
broken at some point.  The index is extracted this way now which should
be right:

  index = id - information->minimum_id + 1;

What's the CVS Id? 

>  
>
> Solutions:
>
> (1) To put more complexity in rtems_message_queue_send() – hgrrr!. 
> That is, code for verifying if the ID is really a queue id;
>
> (2) Move such verification code to the application level.
>
>  
>
No.  It looks like 4.9 and newer have the above logic which should
be OK.  4.8 and older have a different logic which would suffer
from what you see.

Looks like a minor patch to use the above code all the time.

And an addition of a test case. :)  Can you create a small one
for me?

Thanks.
>
>  
>
> Regards,
>
>  
>
> Wendell Pereira da Silva
>
> COMPSIS Computadores e Sistemas Ind. e Com. Ltda.
> Aerospace Systems | [12] 2139-3966 ext. 977 | www.compsis.com.br 
> <http://www.compsis.com.br/>
>
>  
>
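
The type confusion discussed in this thread, as an added example that is not part of the original messages and is not RTEMS source: a lookup that keeps only the low 16 bits of an id accepts a task id as a queue id, while a lookup built on the quoted `id - information->minimum_id + 1` expression rejects it. The id layout, the class numbers, the bounds check and every name other than `minimum_id` and `local_table` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not RTEMS source. Assumed id layout: object class in
 * the high 16 bits, index in the low 16 bits. All names are hypothetical
 * except minimum_id and local_table, which appear in the thread. */
#define MAKE_ID(cls, index) (((uint32_t)(cls) << 16) | (uint32_t)(index))
enum { CLASS_TASK = 1, CLASS_QUEUE = 4, MAX_OBJECTS = 2 };

typedef struct {
    uint32_t minimum_id;                   /* id of the first object */
    uint32_t maximum;                      /* highest valid index */
    void    *local_table[MAX_OBJECTS + 1]; /* slot 0 is unused */
} information_t;

static int queue_a, queue_b;  /* constructed stand-ins for two queues */
static const information_t queue_info = {
    MAKE_ID(CLASS_QUEUE, 1), MAX_OBJECTS, { NULL, &queue_a, &queue_b }
};

/* Lookup as described in the report: only the low 16 bits pick the slot,
 * so the class part of the id is never compared. */
void *get_by_index_only(const information_t *information, uint32_t id)
{
    uint32_t index = id & 0xFFFFu;
    return index <= information->maximum ? information->local_table[index] : NULL;
}

/* Lookup using the expression quoted in the reply. The bounds check is an
 * assumption of this example. An id from another class wraps (unsigned)
 * to a value far above maximum and is rejected. */
void *get_by_offset(const information_t *information, uint32_t id)
{
    uint32_t index = id - information->minimum_id + 1;
    if (index == 0 || index > information->maximum)
        return NULL;
    return information->local_table[index];
}

int main(void)
{
    uint32_t task_id = MAKE_ID(CLASS_TASK, 2);  /* a task id, not a queue id */
    printf("index-only lookup: %s\n",
           get_by_index_only(&queue_info, task_id) ? "found a queue" : "invalid id");
    printf("offset lookup:     %s\n",
           get_by_offset(&queue_info, task_id) ? "found a queue" : "invalid id");
    return 0;
}
```

A regression test for the behaviour reported here would pass an id of the wrong object class and expect an invalid-id status rather than success.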



