Module: xenomai-3 Branch: stable-3.0.x Commit: 945c7dbf7c5ae19755a26b69d00f714176c87c4a URL: http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=945c7dbf7c5ae19755a26b69d00f714176c87c4a
Author: Philippe Gerum <r...@xenomai.org> Date: Fri Mar 16 10:46:53 2018 +0100 copperplate/threadobj: fix NULL dereference in threadobj_unblock() threadobj_unblock() simply does not work, dereferencing a NULL pointer whenever it actually manages to unblock a thread waiting on a synchronization object. Calling syncobj_flush() on this object to wake up waiters zeroes the wait_sobj field in the corresponding TCBs, so don't dereference thobj->wait_sobj past this point. Thread 1 "main" received signal SIGSEGV, Segmentation fault. 0x00007ffff79aeda0 in __syncobj_tag_unlocked (sobj=0x0) at include/copperplate/syncobj.h:100 100 assert(sobj->flags & SYNCOBJ_LOCKED); (gdb) bt
---
lib/copperplate/threadobj.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/lib/copperplate/threadobj.c b/lib/copperplate/threadobj.c
index e8b8e5d..cde1548 100644
--- a/lib/copperplate/threadobj.c
+++ b/lib/copperplate/threadobj.c
@@ -1564,10 +1564,13 @@ int threadobj_unblock(struct threadobj *thobj) /* thobj->lock held */
 sobj = thobj->wait_sobj;
 if (sobj) {
 ret = syncobj_lock(sobj, &syns);
+ /*
+ * Remove PEND (+DELAY timeout).
+ * CAUTION: thobj->wait_obj goes NULL upon flush.
+ */
 if (ret == 0) {
- /* Remove PEND (+DELAY timeout) */
- syncobj_flush(thobj->wait_sobj);
- syncobj_unlock(thobj->wait_sobj, &syns);
+ syncobj_flush(sobj);
+ syncobj_unlock(sobj, &syns);
 return 0;
 }
 }
_______________________________________________ Xenomai-git mailing list Xenomai-git@xenomai.org https://xenomai.org/mailman/listinfo/xenomai-git
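Review bot: The added CAUTION comment names a field that does not appear anywhere in the hunk, `thobj->wait_obj`, while the code it warns about reads and flushes `thobj->wait_sobj`; since the whole point of the fix is that this exact field is cleared by syncobj_flush(), the warning should say `* CAUTION: thobj->wait_sobj goes NULL upon flush.` so a later reader greps for the right name. The comment also sits above `if (ret == 0)` although it describes the flush inside that branch; placing it where the removed `/* Remove PEND (+DELAY timeout) */` line was would keep it next to the call it guards. The body of threadobj_unblock() continues past the hunk, so whether the cached `sobj` pointer or `thobj->wait_sobj` is touched again after the flush is not visible here.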