devif_poll_tcp_timer shouldn't be skipped in the multiple card case #8

Closed

xiaoxiang781216
Contributor

devif_timer will be called multiple times in one period if multiple cards exist;
the elapsed time calculated for the first callback is right, but the following callbacks
in the same period are wrong (very short) because the global variable g_polltimer is
used in the calculation.

So let's pass the delay time to devif_timer and remove g_polltimer.

Change-Id: I6ac3d1135e08cc0f34c51916fa713bd6e6892d04
Signed-off-by: Xiang Xiao [email protected]
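
A simplified model of the timing bug described in this pull request, added here as an illustration and not taken from the NuttX source. It assumes a half-second timer granularity and a TCP retransmit countdown per device; `TICKS_PER_HSEC`, `RTO_HSEC`, `struct dev_model` and `rto_fire_period` are hypothetical names.

```c
#include <stdio.h>

#define TICKS_PER_HSEC 50  /* constructed: clock ticks in one poll period */
#define NDEV           2   /* constructed: two network cards */
#define RTO_HSEC       6   /* constructed: retransmit timeout, in periods */

/* Hypothetical per-device state: one pending TCP retransmit countdown. */
struct dev_model
{
  int rto_left;   /* periods left before the retransmit timer expires */
  int fired_at;   /* period in which it expired, -1 if it never did */
};

static unsigned long g_polltimer;  /* models the shared global timestamp */

/* Stand-in for the per-device TCP timer processing. */
static void tcp_timer(struct dev_model *dev, int hsec, int period)
{
  if (dev->fired_at >= 0)
    {
      return;
    }

  dev->rto_left -= hsec;
  if (dev->rto_left <= 0)
    {
      dev->fired_at = period;
    }
}

/* Shape before the change: elapsed time comes from one global shared by
 * every device, so the first caller in a period consumes the interval.
 */
static void timer_from_global(struct dev_model *dev, unsigned long now,
                              int period)
{
  unsigned long elapsed = now - g_polltimer;
  int hsec = (int)(elapsed / TICKS_PER_HSEC);

  if (hsec > 0)
    {
      g_polltimer += (unsigned long)hsec * TICKS_PER_HSEC;
      tcp_timer(dev, hsec, period);
    }

  /* hsec == 0 for every later device in the same period: timer skipped */
}

/* Shape after the change: the driver passes its own delay since last poll. */
static void timer_from_delay(struct dev_model *dev, unsigned long delay,
                             int period)
{
  int hsec = (int)(delay / TICKS_PER_HSEC);

  if (hsec > 0)
    {
      tcp_timer(dev, hsec, period);
    }
}

/* Run `periods` poll periods and report when device `which` saw its
 * retransmit timer expire (-1 means it never expired).
 */
int rto_fire_period(int use_global, int which, int periods)
{
  struct dev_model devs[NDEV];
  unsigned long now = 0;

  g_polltimer = 0;
  for (int d = 0; d < NDEV; d++)
    {
      devs[d].rto_left = RTO_HSEC;
      devs[d].fired_at = -1;
    }

  for (int p = 1; p <= periods; p++)
    {
      now += TICKS_PER_HSEC;
      for (int d = 0; d < NDEV; d++)
        {
          if (use_global)
            {
              timer_from_global(&devs[d], now, p);
            }
          else
            {
              timer_from_delay(&devs[d], TICKS_PER_HSEC, p);
            }
        }
    }

  return devs[which].fired_at;
}

int main(void)
{
  for (int d = 0; d < NDEV; d++)
    {
      printf("dev%d: global=%d passed-delay=%d\n", d,
             rto_fire_period(1, d, 20), rto_fire_period(0, d, 20));
    }

  return 0;
}
```

In the model, the second device's retransmit timer never expires while the global timestamp is used, which is the skipped `devif_poll_tcp_timer` case named in the title.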

@patacongo
Contributor

Correct if there is a problem. This is a duplicate of PR 4, correct. PR 4 was merged via patch. If there is more to be done, please let me know.

@patacongo patacongo closed this Dec 24, 2019
@xiaoxiang781216 xiaoxiang781216 deleted the fix_tcp_timer branch December 24, 2019 16:54
anchao added a commit to anchao/nuttx that referenced this pull request Jun 15, 2020
patacongo pushed a commit that referenced this pull request Jun 15, 2020
ASAN trace:
...
==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8
WRITE of size 1 at 0xf4502120 thread T0
    #0 0x56673ca2 in strcpy string/lib_strcpy.c:64

0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120)
allocated by thread T0 here:
    #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54)
    #1 0x5667725d in up_create_stack sim/up_createstack.c:135
    #2 0x56657ed8 in nxthread_create task/task_create.c:125
    #3 0x566580bb in kthread_create task/task_create.c:297
    #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149
    #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181
    #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436
    #7 0x56656e95 in nx_start init/nx_start.c:809
    #8 0x566548d4 in main sim/up_head.c:95
    #9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)

CALLSTACK:
    #8  0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4
    #9  0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64
    #10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570
    #11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714
    #12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143
    #13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297
    #14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149
    #15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181
    #16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436
    #17 0x565e3d96 in nx_start () at init/nx_start.c:809
    #18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95

Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac
Signed-off-by: chao.an <[email protected]>
yamt added a commit to yamt/incubator-nuttx that referenced this pull request Sep 1, 2020
xiaoxiang781216 pushed a commit that referenced this pull request Sep 1, 2020
Note: dlsymtab is not in standards, but just in case.

	(gdb) bt
	#0  getpid () at task/task_getpid.c:91
	#1  0x00000000004fbc9d in modlib_registry_lock ()
		at modlib/modlib_registry.c:89
	#2  0x0000000000719ee0 in modsym (handle=0xffffffffffffffff,
		name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92
	#3  0x000000000071597d in dlsym (handle=0xffffffffffffffff,
		name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164
	#4  0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
	#5  0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
	#6  0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
	#7  0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2
	#8  0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2
	#9  0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2
	#10 0x0000000000000001 in ?? ()
	#11 0x00007fff028f686b in ?? ()
	#12 0x0000000000000000 in ?? ()
	(gdb) quit
yamt added a commit to yamt/incubator-nuttx that referenced this pull request Sep 17, 2020
This reverts commit 21cff9f.

It broke sim on macOS.
In the following backtrace, the host socket() should be used
instead of nuttx's.

(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
  * frame #0: 0x00000001000f5391 nuttx`socket(domain=1, type=1, protocol=0) at socket.c:192:12
    frame #1: 0x000000010012b682 nuttx`vpnkit_connect at up_vpnkit.c:75:8
    frame #2: 0x000000010012b60b nuttx`vpnkit_init at up_vpnkit.c:136:3
    frame #3: 0x0000000100034b56 nuttx`netdriver_init at up_netdriver.c:334:3
    frame #4: 0x0000000100033294 nuttx`up_initialize at up_initialize.c:260:3
    frame #5: 0x00000001000031e3 nuttx`nx_start at nx_start.c:701:3
    frame #6: 0x0000000100000b12 nuttx`main(argc=1, argv=0x00007ffeefbfd6c8, envp=0x00007ffeefbfd6d8) at up_head.c:96:7
    frame #7: 0x00007fff7831b3d5 libdyld.dylib`start + 1
    frame #8: 0x00007fff7831b3d5 libdyld.dylib`start + 1
(lldb)
anchao added a commit to anchao/nuttx that referenced this pull request Nov 9, 2020
acassis pushed a commit that referenced this pull request Nov 9, 2020
(gdb) b longjmp
Breakpoint 1 at 0x8270
(gdb) r
Starting program: /home/chao/code/m3/nuttx/nuttx
[    0.000000] Assertion failed at file:task/task_onexit.c line: 99

Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6
(gdb)
(gdb) bt
|#0  0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6
|#1  0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0
|#2  0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132
|#3  0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36
|#4  0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99
|#5  0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109
|#6  0x565fd819 in simuart_start () at sim/up_simuart.c:112
|#7  0x5656c844 in up_uartinit () at sim/up_uart.c:496
|#8  0x5656ba7a in up_initialize () at sim/up_initialize.c:234
|#9  0x5655da56 in nx_start () at init/nx_start.c:701
|#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96

Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6
Signed-off-by: chao.an <[email protected]>
anchao added a commit to anchao/nuttx that referenced this pull request Dec 14, 2020
xiaoxiang781216 pushed a commit that referenced this pull request Dec 15, 2020
Deadlock during recursive access if unionfs overlays procfs,
check the critical segment only and remove the useless protection part.

|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
...
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026

original call stack:
(gdb) bt
|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
|#1  0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119
|#2  0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90
|#3  0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193
|#4  0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169
|#5  0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026
|#8  0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110
|#9  0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175
|#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206
|#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116
|#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73
|#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061
|#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741
|#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578
|#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662
|#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191
|#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115
|#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168
|#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165
|#21 0x08049713 in nxtask_start () at task/task_start.c:144
|#22 0x00000000 in ?? ()

Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca
Signed-off-by: chao.an <[email protected]>
yamt added a commit to yamt/incubator-nuttx that referenced this pull request Mar 23, 2021
xiaoxiang781216 pushed a commit that referenced this pull request Mar 23, 2021
Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux.

```
    Program received signal SIGSEGV, Segmentation fault.
    getpid () at task/task_getpid.c:76
    76      task/task_getpid.c: No such file or directory.
    rax            0x2feeb4            3141300
    rbx            0xc53f83            12926851
    rcx            0x6837665ee4c00     1833394399759360
    rdx            0x472080            4661376
    rsi            0xc53f83            12926851
    rdi            0xffffffffffffffff  -1
    rbp            0x7ffe4cdfe140      0x7ffe4cdfe140
    rsp            0x7ffe4cdfe0f0      0x7ffe4cdfe0f0
    r8             0xffffffffffffffff  -1
    r9             0x0                 0
    r10            0x22                34
    r11            0x246               582
    r12            0x472080            4661376
    r13            0x7ffe4cdfe3e8      140730188162024
    r14            0x472080            4661376
    r15            0xf60398            16122776
    rip            0x4e9b93            0x4e9b93 <getpid+35>
    eflags         0x10206             [ PF IF RF ]
    cs             0x33                51
    ss             0x2b                43
    ds             0x0                 0
    es             0x0                 0
    fs             0x0                 0
    gs             0x0                 0
    #0  getpid () at task/task_getpid.c:76
    #1  0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89
    #2  0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77
    #3  0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149
    #4  0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) ()
    #5  0x000000000048181e in InitializeCommonInterceptors() ()
    #6  0x000000000048106a in __asan::InitializeAsanInterceptors() ()
    #7  0x000000000049b85e in __asan::AsanInitInternal() ()
    #8  0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2
    #9  0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2
    #10 0x0000000000000001 in ?? ()
    #11 0x00007ffe4cdfff56 in ?? ()
    #12 0x0000000000000000 in ?? ()
```
yamt added a commit to yamt/incubator-nuttx that referenced this pull request Apr 16, 2021
This reverts commit 2335b69.

It seems that the commit in question broke sim/Linux and sim/macOS.
Both of the following crashes are fixed by this revert.

My app running with sim/Linux started crashing with the commit.

```
Program received signal SIGSEGV, Segmentation fault.
0x00000000004583ad in snprintf (buf=0x7f6260682b30 "\020", size=140060500962096, format=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>) at stdio/lib_snprintf.c:41
41      stdio/lib_snprintf.c: No such file or directory.
rax            0x0                 0
rbx            0x0                 0
rcx            0x1                 1
rdx            0x5515d0            5576144
rsi            0x10                16
rdi            0x7f6260682858      140060500961368
rbp            0x7f6260682808      0x7f6260682808
rsp            0x7f6260682628      0x7f6260682628
r8             0x7f62606825e0      140060500960736
r9             0x0                 0
r10            0x8                 8
r11            0x246               582
r12            0x0                 0
r13            0x0                 0
r14            0x0                 0
r15            0x0                 0
rip            0x4583ad            0x4583ad <snprintf+13>
eflags         0x10246             [ PF ZF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
```

sim:ostest on macOS crashes like the following.

```
spacetanuki% lldb ./nuttx
(lldb) target create "./nuttx"
Current executable set to './nuttx' (x86_64).
(lldb) run
Process 67434 launched: '/Users/yamamoto/git/nuttx/nuttx/nuttx' (x86_64)
Process 67434 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error
libdyld.dylib`stack_not_16_byte_aligned_error:
->  0x7fff6f1633a6 <+0>: movdqa %xmm0, (%rsp)
    0x7fff6f1633ab <+5>: int3

libdyld.dylib`_dyld_fast_stub_entry:
    0x7fff6f1633ac <+0>: pushq  %rbp
    0x7fff6f1633ad <+1>: movq   %rsp, %rbp
Target 0: (nuttx) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
  * frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error
    frame #1: 0x0000000101002048
    frame #2: 0x000000010001682d nuttx`tty_send(dev=0x000000010002f370, ch=115) at up_uart.c:447:3
    frame #3: 0x000000010000d7df nuttx`uart_xmitchars(dev=0x000000010002f370) at serial_io.c:68:7
    frame #4: 0x0000000100016a95 nuttx`tty_txint(dev=0x000000010002f370, enable='\x01') at up_uart.c:462:7
    frame #5: 0x000000010000ce48 nuttx`uart_write(filep=0x00000001010011e8, buffer="", buflen=0) at serial.c:1260:7
    frame #6: 0x0000000100024ef3 nuttx`file_write(filep=0x00000001010011e8, buf=0x0000000100027a30, nbytes=23) at fs_write.c:89:10
    frame #7: 0x0000000100024f6a nuttx`nx_write(fd=1, buf=0x0000000100027a30, nbytes=23) at fs_write.c:138:13
    frame #8: 0x0000000100024fab nuttx`file_write(filep=0x0000000100027a30, buf=0x0000000000000017, nbytes=0) at fs_write.c:76:7
    frame #9: 0x000000010002215e nuttx`stdio_test at ostest_main.c:574:3
    frame #10: 0x0000000100021f1b nuttx`ostest_main(argc=1, argv=0x0000000101001300) at ostest_main.c:602:3
    frame #11: 0x000000010000ff05 nuttx`nxtask_startup(entrypt=(nuttx`ostest_main at ostest_main.c:592), argc=1, argv=0x0000000101001300) at task_startup.c:150:8
    frame #12: 0x000000010000a580 nuttx`nxtask_start at task_start.c:129:7
(lldb)
```
davids5 added a commit to nuttx-to-asf/incubator-nuttx that referenced this pull request May 19, 2021
   Broken by 635cfa.

   On an stm32 the heap is formed from
   const uintptr_t g_idle_topstack = HEAP_BASE;
   where HEAP_BASE is &_bss + CONFIG_IDLE_STACKSIZE.

   Both these values are not deterministic. One
   comes from the compiler, the other the system
   configurator.

   a 3 byte bss and 250 byte stack would lead to
   an unaligned address used as the heap to be.

   The compiler used clever `strd r1,r3,[r5,#8]` to
   store 2 values in one memory cycle into the
   heap_impl struct. Resulting in a hardfault.

   Change the amount of bss or the CONFIG_IDLE_STACKSIZE
   could lead to a non-functional NuttX system.
xiaoxiang781216 pushed a commit that referenced this pull request May 20, 2021
   Broken by 635cfa.

   On an stm32 the heap is formed from
   const uintptr_t g_idle_topstack = HEAP_BASE;
   where HEAP_BASE is &_bss + CONFIG_IDLE_STACKSIZE.

   Both these values are not deterministic. One
   comes from the compiler, the other the system
   configurator.

   a 3 byte bss and 250 byte stack would lead to
   an unaligned address used as the heap to be.

   The compiler used clever `strd r1,r3,[r5,#8]` to
   store 2 values in one memory cycle into the
   heap_impl struct. Resulting in a hardfault.

   Change the amount of bss or the CONFIG_IDLE_STACKSIZE
   could lead to a non-functional NuttX system.
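The unaligned heap base described in this commit message, worked through in C as an added example (not code from NuttX or from the commit). The function names, the 8-byte alignment, and the addresses `0x20000000` and `0x20005000` are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: heap bookkeeping wants 8-byte alignment. */
#define HEAP_ALIGN 8u

struct heap_region
{
  uintptr_t start;  /* first usable address, multiple of HEAP_ALIGN */
  size_t    size;   /* usable bytes, multiple of HEAP_ALIGN */
};

/* Normalize a raw [raw_start, raw_end) range before handing it to a heap
 * initializer: round the start up, round the end down, and refuse ranges
 * that are empty, inverted, or would wrap the address space.
 * Returns 0 on success, -1 on rejection.
 */
int heap_region_normalize(uintptr_t raw_start, uintptr_t raw_end,
                          struct heap_region *out)
{
  const uintptr_t mask = (uintptr_t)HEAP_ALIGN - 1;
  uintptr_t start;
  uintptr_t end;

  if (out == NULL || raw_end <= raw_start)
    {
      return -1;
    }

  /* Rounding up must not overflow past the top of the address space. */
  if (raw_start > UINTPTR_MAX - mask)
    {
      return -1;
    }

  start = (raw_start + mask) & ~mask;
  end   = raw_end & ~mask;

  if (end <= start)
    {
      return -1;  /* Nothing left once both ends are aligned */
    }

  out->start = start;
  out->size  = (size_t)(end - start);
  return 0;
}

/* The case from the commit message: a 3 byte bss followed by a 250 byte
 * idle stack. The bss start address is constructed for this example.
 */
uintptr_t example_raw_heap_base(void)
{
  const uintptr_t bss_start = 0x20000000u;  /* constructed */
  return bss_start + 3u + 250u;
}

int main(void)
{
  struct heap_region r;
  uintptr_t raw = example_raw_heap_base();

  printf("raw heap base  : 0x%lx (mod %u = %lu)\n", (unsigned long)raw,
         HEAP_ALIGN, (unsigned long)(raw % HEAP_ALIGN));

  if (heap_region_normalize(raw, 0x20005000u, &r) == 0)
    {
      printf("aligned start  : 0x%lx, size %lu\n", (unsigned long)r.start,
             (unsigned long)r.size);
    }

  return 0;
}
```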
antmerlino pushed a commit to antmerlino/incubator-nuttx that referenced this pull request Jun 2, 2021
Sensors: fixes at30ts74 register configuration during driver registration

Approved-by: Tony Samaritano <[email protected]>
GUIDINGLI added a commit to GUIDINGLI/incubator-nuttx that referenced this pull request Mar 28, 2022
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478
READ of size 4 at 0xf514f8a8 thread T0
    #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211
    #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312
    #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331
    #3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623
    #4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340
    #5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985
    #6 0x57755a50 in rptun_worker rptun/rptun.c:303
    #7 0x57755e51 in rptun_thread rptun/rptun.c:352
    #8 0x57730d4a in nxtask_start task/task_start.c:128
    #9 0xdeadbeee  (/memfd:pulseaudio (deleted)+0x15dbeee)

Signed-off-by: ligd <[email protected]>
xiaoxiang781216 pushed a commit that referenced this pull request Mar 29, 2022
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478
READ of size 4 at 0xf514f8a8 thread T0
    #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211
    #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312
    #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331
    #3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623
    #4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340
    #5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985
    #6 0x57755a50 in rptun_worker rptun/rptun.c:303
    #7 0x57755e51 in rptun_thread rptun/rptun.c:352
    #8 0x57730d4a in nxtask_start task/task_start.c:128
    #9 0xdeadbeee  (/memfd:pulseaudio (deleted)+0x15dbeee)

Signed-off-by: ligd <[email protected]>
xiaoxiang781216 pushed a commit that referenced this pull request Sep 10, 2024
The expression "sub    x0,  x0, #8 * XCPTCONTEXT_GP_REGS" is void,
as the next instruction overwrites x0 anyway.
medexs pushed a commit to medexs/nuttx that referenced this pull request Sep 19, 2024
The expression "sub    x0,  x0, #8 * XCPTCONTEXT_GP_REGS" is void,
as the next instruction overwrites x0 anyway.
jasonbu pushed a commit to jasonbu/nuttx that referenced this pull request Sep 27, 2024
ap> cat pm
=================================================================
==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98
READ of size 1 at 0xf436edd9 thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174
    #2 0x371b066 in pm_open power/pm/pm_procfs.c:207
    #3 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    #4 0x359bce2 in file_vopen vfs/fs_open.c:240
    #5 0x359c431 in nx_vopen vfs/fs_open.c:312
    #6 0x359cb53 in open vfs/fs_open.c:465
    #7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    #8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    #9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    #10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    #11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    #12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    #13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    #14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    #15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    #16 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    #17 0x323ec3f in nxtask_start task/task_start.c:134
    #18 0x33636ea in pre_start sim/sim_initialstate.c:52

ap> cat net
=================================================================
==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8
READ of size 1 at 0xf4479a5a thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215
    #2 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    #3 0x359bce2 in file_vopen vfs/fs_open.c:240
    #4 0x359c431 in nx_vopen vfs/fs_open.c:312
    #5 0x359cb53 in open vfs/fs_open.c:465
    #6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    #7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    #8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    #9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    #10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    #11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    #12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    #13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    #14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    #15 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    #16 0x323ec3f in nxtask_start task/task_start.c:134
    #17 0x33636ea in pre_start sim/sim_initialstate.c:52

Signed-off-by: dulibo1 <[email protected]>
Signed-off-by: buxiasen <[email protected]>
xiaoxiang781216 pushed a commit that referenced this pull request Sep 27, 2024
ap> cat pm
=================================================================
==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98
READ of size 1 at 0xf436edd9 thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174
    #2 0x371b066 in pm_open power/pm/pm_procfs.c:207
    #3 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    #4 0x359bce2 in file_vopen vfs/fs_open.c:240
    #5 0x359c431 in nx_vopen vfs/fs_open.c:312
    #6 0x359cb53 in open vfs/fs_open.c:465
    #7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    #8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    #9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    #10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    #11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    #12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    #13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    #14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    #15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    #16 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    #17 0x323ec3f in nxtask_start task/task_start.c:134
    #18 0x33636ea in pre_start sim/sim_initialstate.c:52

ap> cat net
=================================================================
==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8
READ of size 1 at 0xf4479a5a thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215
    #2 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    #3 0x359bce2 in file_vopen vfs/fs_open.c:240
    #4 0x359c431 in nx_vopen vfs/fs_open.c:312
    #5 0x359cb53 in open vfs/fs_open.c:465
    #6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    #7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    #8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    #9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    #10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    #11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    #12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    #13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    #14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    #15 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    #16 0x323ec3f in nxtask_start task/task_start.c:134
    #17 0x33636ea in pre_start sim/sim_initialstate.c:52

Signed-off-by: dulibo1 <[email protected]>
Signed-off-by: buxiasen <[email protected]>
kywwilson11 pushed a commit to kywwilson11/nuttx that referenced this pull request Sep 30, 2024
ap> cat pm
=================================================================
==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98
READ of size 1 at 0xf436edd9 thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174
    #2 0x371b066 in pm_open power/pm/pm_procfs.c:207
    #3 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    #4 0x359bce2 in file_vopen vfs/fs_open.c:240
    #5 0x359c431 in nx_vopen vfs/fs_open.c:312
    #6 0x359cb53 in open vfs/fs_open.c:465
    #7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    #8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    #9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    #10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    #11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    #12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    #13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    #14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    #15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    #16 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    #17 0x323ec3f in nxtask_start task/task_start.c:134
    #18 0x33636ea in pre_start sim/sim_initialstate.c:52

ap> cat net
=================================================================
==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8
READ of size 1 at 0xf4479a5a thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215
    #2 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    #3 0x359bce2 in file_vopen vfs/fs_open.c:240
    #4 0x359c431 in nx_vopen vfs/fs_open.c:312
    #5 0x359cb53 in open vfs/fs_open.c:465
    #6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    #7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    #8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    #9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    #10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    #11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    #12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    #13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    #14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    #15 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    #16 0x323ec3f in nxtask_start task/task_start.c:134
    #17 0x33636ea in pre_start sim/sim_initialstate.c:52

Signed-off-by: dulibo1 <[email protected]>
Signed-off-by: buxiasen <[email protected]>
Gary-Hobson pushed a commit to Gary-Hobson/nuttx that referenced this pull request Oct 11, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405
    #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55
    #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68
    #3 0x34179de in binder_initialize binder/binder.c:669
    #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242
    #5 0x335a179 in nx_start init/nx_start.c:632
    #6 0x32f755c in main sim/sim_head.c:180
    #7 0xf6821518  (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700)

Signed-off-by: cuiziwei <[email protected]>
Gary-Hobson pushed a commit to Gary-Hobson/nuttx that referenced this pull request Oct 11, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405
    #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55
    #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68
    #3 0x34179de in binder_initialize binder/binder.c:669
    #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242
    #5 0x335a179 in nx_start init/nx_start.c:632
    #6 0x32f755c in main sim/sim_head.c:180
    #7 0xf6821518  (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700)

Signed-off-by: cuiziwei <[email protected]>
Gary-Hobson pushed a commit to Gary-Hobson/nuttx that referenced this pull request Oct 12, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405
    #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55
    #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68
    #3 0x34179de in binder_initialize binder/binder.c:669
    #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242
    #5 0x335a179 in nx_start init/nx_start.c:632
    #6 0x32f755c in main sim/sim_head.c:180
    #7 0xf6821518  (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700)

Signed-off-by: cuiziwei <[email protected]>
Gary-Hobson pushed a commit to Gary-Hobson/nuttx that referenced this pull request Oct 12, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405
    #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55
    #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68
    #3 0x34179de in binder_initialize binder/binder.c:669
    #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242
    #5 0x335a179 in nx_start init/nx_start.c:632
    #6 0x32f755c in main sim/sim_head.c:180
    #7 0xf6821518  (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700)

Signed-off-by: cuiziwei <[email protected]>
Gary-Hobson pushed a commit to Gary-Hobson/nuttx that referenced this pull request Oct 12, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405
    #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55
    #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68
    #3 0x34179de in binder_initialize binder/binder.c:669
    #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242
    #5 0x335a179 in nx_start init/nx_start.c:632
    #6 0x32f755c in main sim/sim_head.c:180
    #7 0xf6821518  (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700)

Signed-off-by: cuiziwei <[email protected]>
xiaoxiang781216 pushed a commit that referenced this pull request Oct 13, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405
    #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55
    #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68
    #3 0x34179de in binder_initialize binder/binder.c:669
    #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242
    #5 0x335a179 in nx_start init/nx_start.c:632
    #6 0x32f755c in main sim/sim_head.c:180
    #7 0xf6821518  (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
    #9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700)

Signed-off-by: cuiziwei <[email protected]>
yangguangcai01 pushed a commit to yangguangcai01/nuttx that referenced this pull request Oct 16, 2024
RTOSXMDPYX-575

string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Change-Id: I6e969ce530edefdf4307d36dc6944dcf7ce5958f
Signed-off-by: yangguangcai <[email protected]>
yangguangcai01 pushed a commit to yangguangcai01/nuttx that referenced this pull request Oct 16, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <[email protected]>
yangguangcai01 pushed a commit to yangguangcai01/nuttx that referenced this pull request Oct 16, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <[email protected]>
yangguangcai01 pushed a commit to yangguangcai01/nuttx that referenced this pull request Oct 16, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <[email protected]>
yangguangcai01 pushed a commit to yangguangcai01/nuttx that referenced this pull request Oct 16, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <[email protected]>
yangguangcai01 pushed a commit to yangguangcai01/nuttx that referenced this pull request Oct 17, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <[email protected]>
yangguangcai01 pushed a commit to yangguangcai01/nuttx that referenced this pull request Oct 17, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <[email protected]>
yangguangcai01 pushed a commit to yangguangcai01/nuttx that referenced this pull request Oct 17, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <[email protected]>
xiaoxiang781216 pushed a commit that referenced this pull request Oct 17, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
    #0 0x48e77096 in strcpy string/lib_strcpy.c:87
    #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
    #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
    #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
    #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
    #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
    #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
    #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
    #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
    #9 0x48bee720 in nxtask_startup sched/task_startup.c:70
    #10 0x48b41eb4 in nxtask_start task/task_start.c:112
    #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <[email protected]>
pwnall pushed a commit to pwnall/nuttx that referenced this pull request Oct 23, 2024
Deadlock during recursive access if unionfs overlays procfs,
check the critical segment only and remove the useless protection part.

|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
...
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026

original call stack:
(gdb) bt
|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
|#1  0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119
|#2  0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90
|#3  0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193
|#4  0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169
|#5  0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026
|#8  0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110
|#9  0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175
|#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206
|#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116
|#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73
|#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061
|#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741
|#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578
|#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662
|#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191
|#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115
|#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168
|#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165
|#21 0x08049713 in nxtask_start () at task/task_start.c:144
|#22 0x00000000 in ?? ()

Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca
Signed-off-by: chao.an <[email protected]>
pwnall pushed a commit to pwnall/nuttx that referenced this pull request Oct 23, 2024
VELAPLATFO-1585

==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478
READ of size 4 at 0xf514f8a8 thread T0
    #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211
    #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312
    #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331
    #3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623
    #4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340
    #5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985
    #6 0x57755a50 in rptun_worker rptun/rptun.c:303
    #7 0x57755e51 in rptun_thread rptun/rptun.c:352
    #8 0x57730d4a in nxtask_start task/task_start.c:128
    #9 0xdeadbeee  (/memfd:pulseaudio (deleted)+0x15dbeee)

Change-Id: I29fc2ab82376ff6cd421fd383cdaa8ac85216364
Signed-off-by: ligd <[email protected]>
zhhyu7 added a commit to zhhyu7/incubator-nuttx that referenced this pull request Oct 29, 2024
current sizeof(struct sockaddr_in) is 66

arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment
0xe5f134e6: note: pointer points here
 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00
             ^
    #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241
    #1 0x5432a11f in arp_snapshot arp/arp_table.c:574
    #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547
    #3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715
    #4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743
    #5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382
    #6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625
    #7 0x542be94d in psock_sendmsg socket/sendmsg.c:96
    #8 0x542bc94b in psock_sendto socket/sendto.c:134
    #9 0x542bcb28 in sendto socket/sendto.c:247
    #10 0x542bc5ea in send socket/send.c:163
    #11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152
    #12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197
    #13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263
    #14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718
    #15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619
    #16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706
    #17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245
    #18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75
    #19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74
    #20 0x54067ee1 in nxtask_startup sched/task_startup.c:70
    #21 0x53f366c6 in nxtask_start task/task_start.c:116
    #22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52

Signed-off-by: zhanghongyu <[email protected]>
xiaoxiang781216 pushed a commit that referenced this pull request Oct 29, 2024
current sizeof(struct sockaddr_in) is 66

arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment
0xe5f134e6: note: pointer points here
 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00
             ^
    #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241
    #1 0x5432a11f in arp_snapshot arp/arp_table.c:574
    #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547
    #3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715
    #4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743
    #5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382
    #6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625
    #7 0x542be94d in psock_sendmsg socket/sendmsg.c:96
    #8 0x542bc94b in psock_sendto socket/sendto.c:134
    #9 0x542bcb28 in sendto socket/sendto.c:247
    #10 0x542bc5ea in send socket/send.c:163
    #11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152
    #12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197
    #13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263
    #14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718
    #15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619
    #16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706
    #17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245
    #18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75
    #19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74
    #20 0x54067ee1 in nxtask_startup sched/task_startup.c:70
    #21 0x53f366c6 in nxtask_start task/task_start.c:116
    #22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52

Signed-off-by: zhanghongyu <[email protected]>