Module: xenomai-3
Branch: stable-3.0.x
Commit: 945c7dbf7c5ae19755a26b69d00f714176c87c4a
URL:    http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=945c7dbf7c5ae19755a26b69d00f714176c87c4a

Author: Philippe Gerum <r...@xenomai.org>
Date:   Fri Mar 16 10:46:53 2018 +0100

copperplate/threadobj: fix NULL dereference in threadobj_unblock()

threadobj_unblock() simply does not work, dereferencing a NULL pointer
whenever it actually manages to unblock a thread waiting on a
synchronization object.

Calling syncobj_flush() on this object to wake up waiters zeroes the
wait_sobj field in the corresponding TCBs, so don't dereference
thobj->wait_sobj past this point.

Thread 1 "main" received signal SIGSEGV, Segmentation fault.
0x00007ffff79aeda0 in __syncobj_tag_unlocked (sobj=0x0) at include/copperplate/syncobj.h:100
100             assert(sobj->flags & SYNCOBJ_LOCKED);
(gdb) bt

---

 lib/copperplate/threadobj.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/copperplate/threadobj.c b/lib/copperplate/threadobj.c
index e8b8e5d..cde1548 100644
--- a/lib/copperplate/threadobj.c
+++ b/lib/copperplate/threadobj.c
@@ -1564,10 +1564,13 @@ int threadobj_unblock(struct threadobj *thobj) /* 
thobj->lock held */
        sobj = thobj->wait_sobj;
        if (sobj) {
                ret = syncobj_lock(sobj, &syns);
+               /*
+                * Remove PEND (+DELAY timeout).
+                * CAUTION: thobj->wait_obj goes NULL upon flush.
+                */
                if (ret == 0) {
-                       /* Remove PEND (+DELAY timeout) */
-                       syncobj_flush(thobj->wait_sobj);
-                       syncobj_unlock(thobj->wait_sobj, &syns);
+                       syncobj_flush(sobj);
+                       syncobj_unlock(sobj, &syns);
                        return 0;
                }
        }
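Review bot: the new comment in this hunk warns that `thobj->wait_obj` goes NULL, but the field that is actually cleared by the flush is the one read into `sobj` just above the hunk, `thobj->wait_sobj`; someone grepping for that field will not find the warning, so it should read `CAUTION: thobj->wait_sobj goes NULL upon flush.` The code change itself is the right one: since `syncobj_flush(sobj)` zeroes that field in the woken TCBs, the unlock has to go through the locally cached `sobj`, which also keeps `syncobj_unlock()` paired with exactly the pointer `syncobj_lock()` took. The hunk still says nothing about the `ret != 0` path, where control falls out of the `if (ret == 0)` block with the lock attempt having failed; a one-line comment on what the caller is meant to see in that case would complete the picture.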

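The failure mode described in the commit message, as an added, self-contained C model that is not Xenomai's code: a callee (the flush) clears a field in the caller's structure, and the pre-fix caller re-reads that field afterwards. The names syncobj, threadobj, wait_sobj, syncobj_lock/unlock and syncobj_flush mirror the page; the fixed-size waiter array, the lock-flag bookkeeping and the decision to make a NULL unlock return -EFAULT (rather than fault, as the real __syncobj_tag_unlocked() did) are assumptions of the model so the two variants can be compared in a test.

```c
#include <errno.h>
#include <stddef.h>

#define SYNCOBJ_LOCKED 0x1
#define MAX_WAITERS 4

struct threadobj;

/* Toy syncobj: lock flag plus a fixed list of pending TCBs (layout assumed). */
struct syncobj {
	int flags;
	struct threadobj *waiters[MAX_WAITERS];
	int nwaiters;
};

/* Toy TCB, reduced to the field the bug is about. */
struct threadobj {
	struct syncobj *wait_sobj;
};

static int syncobj_lock(struct syncobj *sobj)
{
	if (sobj == NULL)
		return -EINVAL;
	sobj->flags |= SYNCOBJ_LOCKED;
	return 0;
}

/* Stand-in for the unlock path that faulted in __syncobj_tag_unlocked():
 * a NULL sobj is reported as -EFAULT instead of crashing, so it is testable. */
static int syncobj_unlock(struct syncobj *sobj)
{
	if (sobj == NULL)
		return -EFAULT;
	sobj->flags &= ~SYNCOBJ_LOCKED;
	return 0;
}

/* Wake every waiter. As the commit message says of the real flush, this zeroes
 * wait_sobj in each woken TCB, so the caller must not read it again afterwards. */
static void syncobj_flush(struct syncobj *sobj)
{
	for (int i = 0; i < sobj->nwaiters; i++)
		sobj->waiters[i]->wait_sobj = NULL;
	sobj->nwaiters = 0;
}

/* Pre-fix shape of threadobj_unblock(): re-reads thobj->wait_sobj after flush. */
static int unblock_before_fix(struct threadobj *thobj)
{
	struct syncobj *sobj = thobj->wait_sobj;
	int ret;

	if (sobj == NULL)
		return 0;
	ret = syncobj_lock(sobj);
	if (ret)
		return ret;
	syncobj_flush(thobj->wait_sobj);         /* still valid here ... */
	return syncobj_unlock(thobj->wait_sobj); /* ... NULL by now */
}

/* Post-fix shape: only the pointer captured before the flush is used. */
static int unblock_after_fix(struct threadobj *thobj)
{
	struct syncobj *sobj = thobj->wait_sobj;
	int ret;

	if (sobj == NULL)
		return 0;
	ret = syncobj_lock(sobj);
	if (ret)
		return ret;
	syncobj_flush(sobj);
	return syncobj_unlock(sobj);
}

/* One TCB pending on one object, then unblocked by the given variant. Returns
 * the unblock status; *lock_left_held tells whether the object stayed locked. */
static int run_scenario(int (*unblock)(struct threadobj *), int *lock_left_held)
{
	struct syncobj sobj = { 0 };
	struct threadobj thobj = { 0 };
	int ret;

	sobj.waiters[sobj.nwaiters++] = &thobj;   /* thobj is now a waiter */
	thobj.wait_sobj = &sobj;
	ret = unblock(&thobj);
	*lock_left_held = (sobj.flags & SYNCOBJ_LOCKED) != 0;
	return ret;
}
```

Running both variants through run_scenario() shows the two consequences side by side: the pre-fix shape hands a NULL pointer to the unlock and also leaves the object locked, while the post-fix shape unlocks cleanly because it never touches thobj->wait_sobj after the flush.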

_______________________________________________
Xenomai-git mailing list
Xenomai-git@xenomai.org
https://xenomai.org/mailman/listinfo/xenomai-git
