![[RTEMS Logo]](/images/logo.png){kind=logo}
#1746 closed defect (fixed)
_Workspace_Free() interface change crashing startup
| Reported by: | dufault | Owned by: | Chris Johns |
|---|---|---|---|
| Priority: | normal | Milestone: | 4.11 |
| Component: | score | Version: | 4.11 |
| Severity: | critical | Keywords: | |
| Cc: | chrisj@… | Blocked By: | |
| Blocking: |
Description
The _Workspace_Free() documentation says:
"If block is equal to NULL, then the request is ignored. This allows the caller to not worry about whether or not a pointer is NULL"
and there are places in the code that assume that.
Here's a stack trace and discussion for a crash during _API_Mutex_Initialization():
#0 _Objects_Extend_information (information=0x210373a8)
at ../../../../../../rtems-head/c/src/../../cpukit/score/src/objectextendinformation.c:209
#1 0x00081cf0 in _Objects_Initialize_information (information=0x210373a8,
the_api=OBJECTS_INTERNAL_API, the_class=0x2, maximum=0x1, size=0x74,
is_string=0x0, maximum_name_length=0x0)
at ../../../../../../rtems-head/c/src/../../cpukit/score/src/objectinitializeinformation.c:156
#2 0x0007cbd8 in _API_Mutex_Initialization (maximum_mutexes=0x1)
at ../../../../../../rtems-head/c/src/../../cpukit/score/src/apimutex.c:23
#3 0x0007b76c in rtems_initialize_data_structures ()
at ../../../../../../rtems-head/c/src/../../cpukit/sapi/src/exinit.c:125
#4 0x00026724 in boot_card (cmdline=0x0)
at ../../../../../../../../rtems-head/c/src/lib/libbsp/powerpc/mpc55xxevb/../../shared/bootcard.c:163
#5 0x00000134 in start ()
at ../../../../../../../../rtems-head/c/src/lib/libbsp/powerpc/mpc55xxevb/startup/start.S:219
(gdb)
-- "information" is a pointer to _API_Mutex_Information,
-- and its object_blocks member was set to 0 in _Objects_Initialize_information()
(gdb) print _API_Mutex_Information.object_blocks
$4 = (void ) 0x0
(gdb)
-- but _Objects_Extend_information() is saving that away:
209 old_tables = information->object_blocks;
(gdb) next
211 information->object_blocks = object_blocks;
(gdb) print old_tables
$5 = (void *) 0x0
(gdb)
-- And if we continue a bit it's going to unconditionally call _Workspace_Free()
Breakpoint 5, _Objects_Extend_information (information=0x210373a8)
at ../../../../../../rtems-head/c/src/../../cpukit/score/src/objectextendinformation.c:224
224 _Workspace_Free( old_tables );
(gdb)
Attachments (2)
Change History (7)
Changed on 03/01/11 at 02:19:39 by Chris Johns
| Attachment: | pr1746-head-heap-fix.diff added |
|---|
comment:1 Changed on 03/01/11 at 02:19:57 by Chris Johns
| Cc: | Chris Johns added |
|---|---|
| Owner: | changed from Joel Sherrill to Chris Johns |
Changed on 03/01/11 at 04:22:48 by Chris Johns
| Attachment: | pr1746-head-heap-fix_v1.diff added |
|---|
Heap clean up
comment:2 Changed on 03/01/11 at 04:22:48 by Chris Johns
| attachments.isobsolete: | 0 → 1 |
|---|
comment:3 Changed on 03/01/11 at 04:30:28 by Chris Johns
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:5 Changed on 11/24/14 at 18:58:28 by Gedare Bloom
| Version: | HEAD → 4.11 |
|---|
Replace Version=HEAD with Version=4.11 for the tickets with Milestone >= 4.11
Move the protection calls to after the in heap checks.