#4764 new defect

msdos_format throws RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE on free(fmt_params.sec)

Reported by: Giovanni Righi
Owned by:
Priority: high
Milestone: Indefinite
Component: fs/fat
Version: 5
Severity: major
Keywords:
Cc:
Blocked By:
Blocking:

Description

Hello,
I'm trying to mount the FAT filesystem on the external memory of an atsamv Xplained Ultra.
I managed to mount the device, but when calling the msdos_format function to format the memory I get an RTEMS_FATAL_SOURCE_INVALID_HEAP_FREE fault.
The fault is thrown when the function calls free on the fmt_params.sec pointer.

Attachments (1)

Immagine.png (3.2 KB) - added by Giovanni Righi on 11/25/22 at 16:18:17.
Error screenshot


Change History (4)

Changed on 11/25/22 at 16:18:17 by Giovanni Righi

Attachment: Immagine.png added

Error screenshot

comment:1 Changed on 11/25/22 at 16:20:39 by Joel Sherrill

Without looking at the code, this should indicate that the address passed to free() is not one that was malloced. Perhaps it should have been set to NULL in the structure earlier and just garbage is passed in when clean up occurs. Otherwise, there is what I would think is a bug which would have been tripped over in the most basic testing and use.

comment:2 Changed on 11/28/22 at 10:02:58 by Giovanni Righi

Ok I found something interesting.
First of all, if I compile the rtems code with the flag --enable-rtems-debug, the malloc of fmt_params.sec doesn't work, so the pointer is NULL and the function tries to free a NULL pointer. I don't know if the malloc not allocating is an expected behaviour in this condition.
But if I remove the flag and recompile the kernel, the malloc works and everything seems to work smoothly until I get to the free.
The pointer is now allocated and it contains the stuff that is being written to the external flash.
Here's what the pointer contains when the free is called.
https://ibb.co/djrp9ym.
Now the free still doesn't work and returns the same error as before.
This obviously causes my RTEMS app to stop working.
If I reboot the app, msdos_format is called again, but in this case the external memory is not erased, since the function called in the previous execution was formatting the external memory with the FAT filesystem.
So now I got a crc error. I suppose this is because the previous execution was stopped and the QSPI driver hadn't finished writing to external memory.
Here's a screenshot of the full error.
https://ibb.co/RhXFR8j
The interesting thing is that now the free works and my application keeps working, as we can see from the screenshot.
Obviously the filesystem is not mounted, so it's still working in the IMFS filesystem.

comment:3 Changed on 12/06/22 at 22:42:08 by Chris Johns

Milestone: 5.1 → Indefinite