On 06/30/2011 11:36 AM, Jan Kiszka wrote:
> When creation of a shadow task fails, rt_task_create has to free the
> task object consistently, not only on registry errors. Then we need to
> delete the core thread when fastlock allocation failed. Moreover, fix a
> double free of the fastlock object which is now released via the delete
> hook. Finally, avoid a use-after-release of the fastlock object in
> __task_delete_hook.
>
> This fixes heap corruptions when running out of resources.
>
> Signed-off-by: Jan Kiszka <[email protected]>
> ---
> (...)
> +
> + fail:
> + if (xnthread_test_state(&task->thread_base, XNSHADOW))
> + xnfree(task);
> +
> + return err;
> }
>
> /**
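Review bot: at the `fail:` label, `xnfree(task)` releases the task object while the function still only returns `err`, so nothing in the return value tells the caller that `task` is no longer valid when XNSHADOW is set. Any caller that reacts to the error by touching or deleting `task` again would then operate on freed memory, which is the same class of double free the commit message sets out to fix. Keep the release on one side only (this function or its caller), or state in the function's comment block that a failed call on a shadow invalidates `task`. Also confirm that every jump to `fail:` happens after `task->thread_base` has been initialised, since the XNSHADOW test reads its state.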
Is this needed? I mean, shadows are created in syscall.c, function
__rt_task_create, and when rt_task_create returns an error, that
function calls rt_task_delete. So, there should be no leak. And worse,
here rt_task_delete will use an invalid pointer if we apply that patch.
--
Gilles.
_______________________________________________
Xenomai-core mailing list
[email protected]
https://mail.gna.org/listinfo/xenomai-core