This is the mail archive of the ecos-discuss@sourceware.org mailing list for the eCos project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: potential eCos mbox issue on AT91


From initial examination, I believe the get method of the mboxt2
implementation is flawed.

Consider the case when get is called when there is no items in the queue.
When the thread wakes up, it does not assign item (the passed in
parameter) anything and exits.  If item was initialized to anything
but NULL, the application code will treat the returned item as valid
and used it as if it is a real item.

This is taken from a recent CVS, a month or 2 ago.
Relevant code attached below taken from mbox2.inl

David


--- template <class T, cyg_count32 QUEUE_SIZE> CYG_MBOXT_INLINE cyg_bool Cyg_Mboxt2<T,QUEUE_SIZE>::get( T &ritem ) { CYG_REPORT_FUNCTION(); Cyg_Thread *self = Cyg_Thread::self();

   // Prevent preemption
   Cyg_Scheduler::lock();

CYG_ASSERTCLASS( this, "Bad this pointer");

CYG_INSTRUMENT_MBOXT(GET, this, count);

   if ( 0 < count ) {
       CYG_INSTRUMENT_MBOXT(GOT, this, count);

       ritem = itemqueue[ (count--, base++) ];
       CYG_ASSERT( 0 <= count, "Count went -ve" );
       CYG_ASSERT( size >= base, "Base overflow" );

       if ( size <= base )
           base = 0;

#ifdef CYGMFN_KERNEL_SYNCH_MBOXT_PUT_CAN_WAIT
       wakeup_putter();
#endif

       // Unlock the scheduler and definitely switch threads
       Cyg_Scheduler::unlock();

       CYG_ASSERTCLASS( this, "Bad this pointer");
       CYG_REPORT_RETVAL( true );
       return true;
   }

   self->set_wait_info( (CYG_ADDRWORD)&ritem );
   self->set_sleep_reason( Cyg_Thread::WAIT );
   self->sleep();
   get_threadq.enqueue( self );

CYG_INSTRUMENT_MBOXT(WAIT, this, count);

   // Unlock scheduler and allow other threads to run
   Cyg_Scheduler::unlock_reschedule();

   cyg_bool result = true;
   switch( self->get_wake_reason() )
   {
   case Cyg_Thread::DESTRUCT:
   case Cyg_Thread::BREAK:
       result = false;
       break;

   case Cyg_Thread::EXIT:
       self->exit();
       break;

   default:
       break;
   }
   CYG_ASSERTCLASS( this, "Bad this pointer");
   CYG_REPORT_RETVAL( result );
   return result;
}

--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]