#1574 closed defect (fixed)

Null Dereference from _Objects_Extend_information

Reported by: Joel Sherrill Owned by: Chris Johns
Priority: normal Milestone: 4.10
Component: score Version: 4.10
Severity: blocker Keywords:
Cc: Blocked By:


Coverity Id 31

This has been reported since the very first Coverity Scan runs but I couldn't
see how to duplicate this. I had an insight on the way home and added sp70
which cores dumps on exactly the spot they claimed.

Breakpoint 3, _Objects_Extend_information (information=0x201e6a4)

at ../../../../../../rtems/c/src/../../cpukit/score/src/objectextendinformation.c:230

230 information->object_blocks[ block ] = new_object_block;
(gdb) n
235 _Chain_Initialize(
(gdb) c
DUnexpected trap ( 7) at address 0x02005BC8
memory address not aligned

This problem occurs when you delete the "middle" unlimited objects. This
takes you down the path through lines 74-76 for finding a NULL slot.
I think there is some memory allocation that should occur in this case
as well but the memory allocation code later only is executed when we
need to "extend" the set, not fill in a gap in the middle.

I suspect that (1) some of the code in the if at 109 should be done in
this case and that (2) a bool flag "do_extend" which is set as needed
around the code at 70-80 would fix this and make it easier to read.

I have attached the Coverity Scan analysis. sp70 is already in the tree.

This impacts unlimited on previous releases as well.

Attachments (1)

coverity.txt (6.2 KB) - added by Joel Sherrill on Jun 19, 2010 at 3:11:48 PM.
Coverity Analysis

Download all attachments as: .zip

Change History (5)

Changed on Jun 19, 2010 at 3:11:48 PM by Joel Sherrill

Attachment: coverity.txt added

Coverity Analysis

comment:1 Changed on Jun 19, 2010 at 3:14:00 PM by Joel Sherrill

Owner: changed from Joel Sherrill to Chris Johns

comment:2 Changed on Jun 23, 2010 at 10:52:02 PM by Chris Johns

blocked: 1560

comment:3 Changed on Nov 2, 2010 at 9:16:52 AM by Chris Johns

Milestone: 4.114.10
Severity: normalblocker

comment:4 Changed on Nov 29, 2011 at 3:46:48 PM by Joel Sherrill

Resolution: fixed
Status: newclosed

Coverity no longer reports an issue with this file.


Note: See TracTickets for help on using tickets.