* RE: Inconsistency between documentation and code in lib/alchemy/task.c
From: Rosenow, James @ 2023-02-22 16:32 UTC
To: xenomai; +Cc: Ganz, Derek
Greetings,
We are experiencing a crash in rt_task_inquire() and found an apparent inconsistency between the doc and the code. Our code is passing a NULL 'info' pointer and subsequently crashing. See code snipped below.
Best regards,
Jim Rosenow
MTS Systems Corporation
/**
* @fn int rt_task_inquire(RT_TASK *task, RT_TASK_INFO *info)
* @brief Retrieve information about a real-time task.
*
<<<<<<< snip >>>>>>>>
* @param info The address of a structure the task information will be
Passing NULL is supposed to be valid but
below it is not checked before use.
|
\/
* written to. Passing NULL is valid, in which case the system is only
* probed for existence of the specified task.
*
<<<<<<< snip >>>>>>>>
*/
int rt_task_inquire(RT_TASK *task, RT_TASK_INFO *info)
{
	struct alchemy_task *tcb;
	struct service svc;
	int ret = 0;

	CANCEL_DEFER(svc);

	tcb = get_alchemy_task_or_self(task, &ret);
	if (tcb == NULL)
		goto out;

	/* 'info' is not checked for NULL before dereference. */
	ret = __bt(threadobj_stat(&tcb->thobj, &info->stat));
	if (ret)
		goto out;

<<<<<<< snip >>>>>>>>
* Re: Inconsistency between documentation and code in lib/alchemy/task.c
From: Jan Kiszka @ 2023-02-22 17:56 UTC
To: Rosenow, James, xenomai; +Cc: Ganz, Derek
On 22.02.23 17:32, Rosenow, James wrote:
> Greetings,
>
> We are experiencing a crash in rt_task_inquire() and found an apparent inconsistency between the doc and the code. Our code is passing a NULL 'info' pointer and subsequently crashing. See code snipped below.
>
> Best regards,
> Jim Rosenow
> MTS Systems Corporation
>
> /**
> * @fn int rt_task_inquire(RT_TASK *task, RT_TASK_INFO *info)
> * @brief Retrieve information about a real-time task.
> *
>
> <<<<<<< snip >>>>>>>>
>
> * @param info The address of a structure the task information will be
>
> Passing NULL is supposed to be valid but
> below it is not checked before use.
> |
> \/
> * written to. Passing NULL is valid, in which case the system is only
> * probed for existence of the specified task.
> *
>
> <<<<<<< snip >>>>>>>>
>
> */
> int rt_task_inquire(RT_TASK *task, RT_TASK_INFO *info)
> {
> 	struct alchemy_task *tcb;
> 	struct service svc;
> 	int ret = 0;
>
> 	CANCEL_DEFER(svc);
>
> 	tcb = get_alchemy_task_or_self(task, &ret);
> 	if (tcb == NULL)
> 		goto out;
>
> 	/* 'info' is not checked for NULL before dereference. */
> 	ret = __bt(threadobj_stat(&tcb->thobj, &info->stat));
> 	if (ret)
> 		goto out;
>
> <<<<<<< snip >>>>>>>>
>
>
>
We probably didn't read or forgot to update the documentation while
porting from Xenomai 2 to 3. Checking... Yeah, 2.x implemented this in
the kernel and did take care of this case. But already the first version
of rt_task_inquire in 3.x, now in userspace, got this wrong.
I'm fine with re-adding that feature to the code and taking that fix
into stable branches - want to send a patch for this more than 11 years
old bug?
Thanks,
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
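
A minimal C model of the contract discussed in this thread, added here as an example (it is not code from either message or from Xenomai). The types, the function names and the fork-based regression helper are hypothetical stand-ins, and the NULL guard shown is one possible way to honour the documented "probe only" behaviour, not the project's patch.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins, not Xenomai's RT_TASK / RT_TASK_INFO types. */
struct info_model { int prio; };
struct task_model { int alive; int prio; };
typedef int (*inquire_fn)(const struct task_model *, struct info_model *);

/* Shape of the reported code: info is written through unconditionally. */
int inquire_unchecked(const struct task_model *t, struct info_model *info)
{
	if (t == NULL || !t->alive)
		return -ESRCH;
	info->prio = t->prio;
	return 0;
}

/* Documented contract: a NULL info only probes for the task's existence. */
int inquire_checked(const struct task_model *t, struct info_model *info)
{
	if (t == NULL || !t->alive)
		return -ESRCH;
	if (info != NULL)
		info->prio = t->prio;
	return 0;
}

/* Regression helper: call fn(t, NULL) in a child; 1 if the child died, else 0. */
int crashes_on_null(inquire_fn fn, const struct task_model *t)
{
	struct info_model *volatile none = NULL; /* keep NULL opaque to the optimizer */
	int status = 0;
	pid_t pid = fork();

	if (pid == 0) {
		fn(t, none);
		_exit(0);
	}
	if (pid < 0 || waitpid(pid, &status, 0) < 0)
		return -1;
	return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
	struct task_model t = { 1, 7 };	/* constructed sample task */
	return crashes_on_null(inquire_checked, &t); /* 0: the NULL probe is safe */
}
```

Running the helper in a child process lets a test suite record the crash of the unchecked variant without taking the test runner down with it.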