* RE: Inconsistency between documentation and code in lib/alchemy/task.c
From: Rosenow, James @ 2023-02-22 16:32 UTC
To: xenomai; +Cc: Ganz, Derek

Greetings,

We are experiencing a crash in rt_task_inquire() and found an apparent inconsistency between the doc and the code. Our code is passing a NULL 'info' pointer and subsequently crashing. See code snipped below.

Best regards,
Jim Rosenow
MTS Systems Corporation

/**
 * @fn int rt_task_inquire(RT_TASK *task, RT_TASK_INFO *info)
 * @brief Retrieve information about a real-time task.
 *

<<<<<<< snip >>>>>>>>

 * @param info The address of a structure the task information will be

                        Passing NULL is supposed to be valid but
                        below it is not checked before use.
                                |
                                \/
 * written to. Passing NULL is valid, in which case the system is only
 * probed for existence of the specified task.
 *

<<<<<<< snip >>>>>>>>

 */
int rt_task_inquire(RT_TASK *task, RT_TASK_INFO *info)
{
	struct alchemy_task *tcb;
	struct service svc;
	int ret = 0;

	CANCEL_DEFER(svc);

	tcb = get_alchemy_task_or_self(task, &ret);
	if (tcb == NULL)
		goto out;

                        'info' is not checked
                        for NULL before
                        dereference.
                                |
                                \/
	ret = __bt(threadobj_stat(&tcb->thobj, &info->stat));
	if (ret)
		goto out;

<<<<<<< snip >>>>>>>>

* Re: Inconsistency between documentation and code in lib/alchemy/task.c
From: Jan Kiszka @ 2023-02-22 17:56 UTC
To: Rosenow, James, xenomai; +Cc: Ganz, Derek

On 22.02.23 17:32, Rosenow, James wrote:
> Greetings,
>
> We are experiencing a crash in rt_task_inquire() and found an apparent inconsistency between the doc and the code. Our code is passing a NULL 'info' pointer and subsequently crashing. See code snipped below.
>
> Best regards,
> Jim Rosenow
> MTS Systems Corporation
>
> /**
>  * @fn int rt_task_inquire(RT_TASK *task, RT_TASK_INFO *info)
>  * @brief Retrieve information about a real-time task.
>  *
>
> <<<<<<< snip >>>>>>>>
>
>  * @param info The address of a structure the task information will be
>
>                         Passing NULL is supposed to be valid but
>                         below it is not checked before use.
>                                 |
>                                 \/
>  * written to. Passing NULL is valid, in which case the system is only
>  * probed for existence of the specified task.
>  *
>
> <<<<<<< snip >>>>>>>>
>
>  */
> int rt_task_inquire(RT_TASK *task, RT_TASK_INFO *info)
> {
> 	struct alchemy_task *tcb;
> 	struct service svc;
> 	int ret = 0;
>
> 	CANCEL_DEFER(svc);
>
> 	tcb = get_alchemy_task_or_self(task, &ret);
> 	if (tcb == NULL)
> 		goto out;
>
>                         'info' is not checked
>                         for NULL before
>                         dereference.
>                                 |
>                                 \/
> 	ret = __bt(threadobj_stat(&tcb->thobj, &info->stat));
> 	if (ret)
> 		goto out;
>
> <<<<<<< snip >>>>>>>>
>

We probably didn't read or forgot to update the documentation while porting from Xenomai 2 to 3. Checking...

Yeah, 2.x implemented this in the kernel and did take care of this case. But already the first version of rt_task_inquire in 3.x, now in userspace, got this wrong.

I'm fine with re-adding that feature to the code and taking that fix into stable branches - want to send a patch for this more than 11 years old bug?

Thanks,
Jan

-- 
Siemens AG, Technology
Competence Center Embedded Linux
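
Added example, not part of the thread and not Xenomai code: a self-contained C model of the documented contract, where a NULL 'info' only probes for existence. All demo_* names and types are hypothetical stand-ins, and routing the stat call into a scratch buffer is one possible approach, assumed here so that the liveness check still runs when 'info' is NULL.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the Alchemy types; not Xenomai definitions. */
struct demo_stat { int prio; unsigned long csw; };
struct demo_info { struct demo_stat stat; char name[32]; };
struct demo_task { int alive; int prio; unsigned long csw; const char *name; };

/* Stand-in for the stat call: fails if the task no longer exists. */
static int demo_stat(const struct demo_task *t, struct demo_stat *st)
{
	if (!t->alive)
		return -ESRCH;
	st->prio = t->prio;
	st->csw = t->csw;
	return 0;
}

/*
 * Inquire honouring the documented contract: info == NULL only probes
 * for existence. The stat call still runs, into a scratch buffer, so
 * the existence check is not skipped together with the copy-out.
 * This demo has no "self" lookup, so a NULL task is simply rejected.
 */
int demo_task_inquire(const struct demo_task *t, struct demo_info *info)
{
	struct demo_stat scratch;
	int ret;

	if (t == NULL)
		return -EINVAL;

	/* Never form &info->stat from a NULL info. */
	ret = demo_stat(t, info ? &info->stat : &scratch);
	if (ret || info == NULL)
		return ret;

	/* Remaining fields are written only when the caller asked for them. */
	strncpy(info->name, t->name, sizeof(info->name) - 1);
	info->name[sizeof(info->name) - 1] = '\0';
	return 0;
}
```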