Donny9 opened a new pull request, #18231: URL: https://github.com/apache/nuttx/pull/18231
## Summary

This PR fixes a critical crash issue in the serial driver when the receive buffer is full and the driver only implements the `recvbuf` operation without implementing the `receive` operation.

### Problem Description:

When the receive buffer becomes full, the original code would attempt to call the `receive` operation even when it's NULL, causing a crash. This scenario occurs when:

1. The serial driver implements `recvbuf` but not `receive`
2. The receive buffer fills up completely
3. The code tries to call `dev->ops->receive()` which is NULL

### Root Cause:

The original logic had the following issues:

- When buffer is full and `!is_full` condition fails, it would fall through to call `receive` operation
- No NULL check for `dev->ops->receive` before calling it
- When buffer is full, hardware FIFO continues to accumulate data with no way to drain it

### Solution:

This patch fixes the issue by:

1. **Add NULL check for receive operation**: Check `dev->ops->receive` exists before calling it to prevent crash
2. **Drain hardware FIFO when buffer is full**: When buffer is full but `recvbuf` is available, use a temporary buffer (`&ch`) to drain hardware FIFO and prevent data accumulation
3. **Restructure conditional logic**: Properly handle the case when only `recvbuf` is implemented
4. **Initialize pbuf to NULL**: Prevent potential uninitialized variable usage

### Code Changes:

- Modified `uart_recvchars()` in `drivers/serial/serial_io.c`
- Added proper NULL checks and conditional logic
- Improved buffer full handling to drain hardware FIFO

## Impact

### Stability:

- **Critical Fix**: Prevents NULL pointer dereference crash when buffer is full
- **Positive**: Prevents hardware FIFO overflow by draining data even when buffer is full
- **Positive**: Makes serial driver more robust for drivers that only implement `recvbuf`

### Compatibility:

- **No breaking changes**: Maintains existing API and behavior
- **Backward compatible**: Works with all existing serial drivers
- **Improved compatibility**: Now works correctly with drivers that only implement `recvbuf`

### Code Quality:

- **Improved**: Better structured conditional logic
- **Improved**: Fixed potential NULL pointer dereference
- **Improved**: Fixed potential uninitialized variable issue

## Testing

### Test Steps:

1. Built NuttX with sim:nsh configuration
2. Configured serial driver to only implement `recvbuf` operation
3. Filled receive buffer completely with high-speed data transmission
4. Verified no crash occurs when buffer is full
5. Verified hardware FIFO is properly drained

### Test Results:

**Before the patch:**

```bash
# System crashes with NULL pointer dereference when buffer fills up
# Crash occurs in uart_recvchars() when calling dev->ops->receive()
```
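The receive-path pattern the description above outlines, as an added stand-alone model that is not part of the pull request and is not NuttX code: every name here (`struct ops`, `rx_chars`, `fifo_recvbuf`, the 4-slot ring) is hypothetical, and the hardware FIFO is simulated with a constructed byte string. It shows the optional `receive` hook being checked before the call and a scratch byte being used to drain the FIFO once the ring is full.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define RXBUF_SIZE 4                    /* ring stores RXBUF_SIZE - 1 bytes */
struct dev;
struct ops {                            /* either hook may be NULL */
    int    (*receive)(struct dev *d);
    size_t (*recvbuf)(struct dev *d, uint8_t *buf, size_t n);
};
struct dev {
    const struct ops *ops;
    uint8_t rx[RXBUF_SIZE]; size_t head, tail;         /* software ring */
    const uint8_t *fifo; size_t fifo_len, dropped;     /* simulated HW FIFO */
};
static size_t fifo_recvbuf(struct dev *d, uint8_t *buf, size_t n) {
    size_t k = n < d->fifo_len ? n : d->fifo_len;
    memcpy(buf, d->fifo, k);
    d->fifo += k; d->fifo_len -= k;
    return k;
}
static const struct ops recvbuf_only = { .receive = NULL, .recvbuf = fifo_recvbuf };
/* Move bytes from the FIFO into the ring; returns the number stored. */
size_t rx_chars(struct dev *d) {
    size_t stored = 0;
    while (d->fifo_len > 0) {
        size_t next = (d->head + 1) % RXBUF_SIZE;
        int full = (next == d->tail);
        uint8_t ch = 0;                 /* scratch byte used when ring is full */
        if (d->ops->recvbuf != NULL) {  /* full: drain into ch and discard */
            if (d->ops->recvbuf(d, full ? &ch : &d->rx[d->head], 1) == 0) break;
        } else if (d->ops->receive != NULL) {   /* call only if implemented */
            int c = d->ops->receive(d);
            if (c < 0) break;
            if (!full) d->rx[d->head] = (uint8_t)c;
        } else {
            break;                      /* no hook: nothing safe to call */
        }
        if (full) d->dropped++; else { d->head = next; stored++; }
    }
    return stored;
}

/* Constructed input: 6 bytes arrive, ring holds 3. Returns bytes dropped. */
int demo_recvbuf_only(void) {
    static const uint8_t wire[] = "ABCDEF";
    struct dev d = { .ops = &recvbuf_only, .fifo = wire, .fifo_len = 6 };
    if (rx_chars(&d) != 3 || d.fifo_len != 0 || memcmp(d.rx, "ABC", 3) != 0)
        return -1;
    return (int)d.dropped;
}
```

In this model the bytes read while the ring is full are counted in `dropped`, which makes the cost of draining visible.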
