This is an automated email from the ASF dual-hosted git repository. xiaoxiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx.git
commit b8029d28a3103af3cd767f0d07027168607a12eb Author: wangjianyu3 <[email protected]> AuthorDate: Tue Sep 24 10:41:02 2024 +0800 drivers/rpmsg: Using safe list iterating in rpmsg_device_created() To fix list access after delete error Test: /* Export */ rpmsgdev_export("SERVER", "/dev/DEVNAME"); /* Register */ rpmsgdev_register("CLIENT", "/dev/DEVNAME", "/dev/server-DEVNAME", 0); Log: [ap] kasan_report: kasan detected a read access error, address at 0x40b7ae78,size is 8, return address: 0x402a3c50 [ap] kasan_show_memory: Shadow bytes around the buggy address: [ap] kasan_show_memory: 0x40b7ae20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ap] kasan_show_memory: 0x40b7ae30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ap] kasan_show_memory: 0x40b7ae40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ap] kasan_show_memory: 0x40b7ae50: 20 af b7 40 00 00 00 00 c0 17 2a 40 00 00 00 00 [ap] kasan_show_memory: 0x40b7ae60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ap] kasan_show_memory: 0x40b7ae70: 00 00 00 00 00 00 00 00[b0 f7 b3 40 00 00 00 00] [ap] kasan_show_memory: 0x40b7ae80: c8 48 b8 40 00 00 00 00 00 00 00 00 00 00 00 00 [ap] kasan_show_memory: 0x40b7ae90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ap] kasan_show_memory: 0x40b7aea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ap] kasan_show_memory: 0x40b7aeb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 $ addr2line -fe nuttx/nuttx 0x402a3c50 rpmsg_device_created /workspace/nuttx/drivers/rpmsg/rpmsg.c:395 (discriminator 2) Reported by [email protected] Signed-off-by: wangjianyu3 <[email protected]> --- drivers/rpmsg/rpmsg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/rpmsg/rpmsg.c b/drivers/rpmsg/rpmsg.c index ed35105ad5..b8ae2e5e9a 100644 --- a/drivers/rpmsg/rpmsg.c +++ b/drivers/rpmsg/rpmsg.c @@ -402,9 +402,10 @@ void rpmsg_ns_unbind(FAR struct rpmsg_device *rdev, void rpmsg_device_created(FAR struct rpmsg_s *rpmsg) { FAR struct metal_list *node; + FAR struct metal_list *tmp; nxrmutex_lock(&g_rpmsg_lock); - metal_list_for_each(&g_rpmsg_cb, node) + metal_list_for_each_safe(&g_rpmsg_cb, tmp, node) { FAR struct rpmsg_cb_s *cb = metal_container_of(node, struct rpmsg_cb_s, node);
