#2035 closed defect (fixed)

psxcancel reveals NULL pointer access in _Thread_queue_Extract()

Reported by: Sebastian Huber
Owned by: Joel Sherrill
Priority: normal
Milestone: 4.11
Component: score
Version: 4.11
Severity: blocker
Keywords:
Cc: vattam.santosh@…, gedare@…
Blocked By:
Blocking:

Description

The test psxcancel reveals a NULL pointer access in _Thread_queue_Extract():

sparc-rtems4.11-gdb psxcancel.ralf
tar sim
b _Thread_queue_Extract if the_thread_queue == 0
load
r

* POSIX CANCEL TEST *
Init - pthread_setcancelstate - NULL oldstate - EINVAL
Init - pthread_setcancelstate - bad state - EINVAL
Init - pthread_setcanceltype - NULL oldtype - EINVAL
Init - pthread_setcanceltype - bad type - EINVAL
Init - pthread_cancel - bad ID - EINVAL
countTaskDeferred: elapsed time (second): 0
countTaskDeferred: elapsed time (second): 1
countTaskDeferred: elapsed time (second): 2
countTaskDeferred: elapsed time (second): 3
countTaskDeferred: elapsed time (second): 4
countTaskAsync: elapsed time (second): 0
countTaskAsync: elapsed time (second): 1
countTaskAsync: elapsed time (second): 2
countTaskAsync: elapsed time (second): 3
countTaskAsync: elapsed time (second): 4

Breakpoint 1, _Thread_queue_Extract (the_thread_queue=0x0, the_thread=0x203b5f8) at ../../../../../../git-rtems/c/src/../../cpukit/score/src/threadqextract.c:52
52 if ( the_thread_queue->discipline == THREAD_QUEUE_DISCIPLINE_PRIORITY )

Change History (5)

comment:1 Changed on Mar 5, 2012 at 6:07:15 PM by Gedare Bloom

Cc: Gedare Bloom added

comment:2 Changed on Mar 8, 2012 at 1:23:43 AM by Gedare Bloom

Cc: Santosh Vattam added

comment:4 Changed on Nov 24, 2014 at 6:58:28 PM by Gedare Bloom

Version: HEAD → 4.11

Replace Version=HEAD with Version=4.11 for the tickets with Milestone >= 4.11

comment:5 Changed on Apr 23, 2015 at 7:42:59 PM by Sebastian Huber <sebastian.huber@…>

In f32935335a7f9b53c14133724753045ead988ca4/rtems:

score: Fix POSIX thread join

A thread join is twofold. There is one thread that exists and an
arbitrary number of threads that wait for the thread exit (one-to-many
relation). The exiting thread may want to wait for a thread that wants
to join its exit (STATES_WAITING_FOR_JOIN_AT_EXIT in
_POSIX_Thread_Exit()). On the other side we need a thread queue for all
the threads that wait for the exit of one particular thread
(STATES_WAITING_FOR_JOIN in pthread_join()).

Update #2035.
