-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
devif_poll_tcp_timer shouldn't be skipped in the multiple card case #8
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
devif_timer will be called multiple time in one period if the multiple card exist, the elapsed time calculated for the first callback is right, but the flowing callback in the same period is wrong(very short) because the global variable g_polltimer is used in the calculation. so let's pass the delay time to devif_timer and remove g_polltimer. Change-Id: I6ac3d1135e08cc0f34c51916fa713bd6e6892d04 Signed-off-by: Xiang Xiao <[email protected]>
Correct if there is a problem. This is a duplicate of PR 4, correct. PR 4 was merged via patch. If there is more to be done. Please let me know. |
anchao
added a commit
to anchao/nuttx
that referenced
this pull request
Jun 15, 2020
ASAN trace: ... ==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8 WRITE of size 1 at 0xf4502120 thread T0 #0 0x56673ca2 in strcpy string/lib_strcpy.c:64 0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120) allocated by thread T0 here: #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54) #1 0x5667725d in up_create_stack sim/up_createstack.c:135 #2 0x56657ed8 in nxthread_create task/task_create.c:125 #3 0x566580bb in kthread_create task/task_create.c:297 #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149 #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181 #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436 apache#7 0x56656e95 in nx_start init/nx_start.c:809 apache#8 0x566548d4 in main sim/up_head.c:95 apache#9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80) CALLSTACK: apache#8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4 apache#9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64 apache#10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570 apache#11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714 apache#12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143 apache#13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297 apache#14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149 apache#15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181 apache#16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436 apache#17 0x565e3d96 in nx_start () at init/nx_start.c:809 apache#18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95 Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac Signed-off-by: chao.an <[email protected]>
patacongo
pushed a commit
that referenced
this pull request
Jun 15, 2020
ASAN trace: ... ==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8 WRITE of size 1 at 0xf4502120 thread T0 #0 0x56673ca2 in strcpy string/lib_strcpy.c:64 0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120) allocated by thread T0 here: #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54) #1 0x5667725d in up_create_stack sim/up_createstack.c:135 #2 0x56657ed8 in nxthread_create task/task_create.c:125 #3 0x566580bb in kthread_create task/task_create.c:297 #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149 #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181 #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436 #7 0x56656e95 in nx_start init/nx_start.c:809 #8 0x566548d4 in main sim/up_head.c:95 #9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80) CALLSTACK: #8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4 #9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64 #10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570 #11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714 #12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143 #13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297 #14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149 #15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181 #16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436 #17 0x565e3d96 in nx_start () at init/nx_start.c:809 #18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95 Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac Signed-off-by: chao.an <[email protected]>
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Sep 1, 2020
Note: dlsymtab is not in standards. but just in case. (gdb) bt #0 getpid () at task/task_getpid.c:91 apache#1 0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92 apache#3 0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164 apache#4 0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#5 0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#6 0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#7 0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#8 0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007fff028f686b in ?? () apache#12 0x0000000000000000 in ?? () (gdb) quit
xiaoxiang781216
pushed a commit
that referenced
this pull request
Sep 1, 2020
Note: dlsymtab is not in standards. but just in case. (gdb) bt #0 getpid () at task/task_getpid.c:91 #1 0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89 #2 0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92 #3 0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164 #4 0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #5 0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #6 0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #7 0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2 #8 0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2 #9 0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2 #10 0x0000000000000001 in ?? () #11 0x00007fff028f686b in ?? () #12 0x0000000000000000 in ?? () (gdb) quit
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Sep 17, 2020
This reverts commit 21cff9f. It broke sim on macOS. In the following backtrace, the host socket() should be used instead of nuttx's. (lldb) bt * thread apache#1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1 * frame #0: 0x00000001000f5391 nuttx`socket(domain=1, type=1, protocol=0) at socket.c:192:12 frame apache#1: 0x000000010012b682 nuttx`vpnkit_connect at up_vpnkit.c:75:8 frame apache#2: 0x000000010012b60b nuttx`vpnkit_init at up_vpnkit.c:136:3 frame apache#3: 0x0000000100034b56 nuttx`netdriver_init at up_netdriver.c:334:3 frame apache#4: 0x0000000100033294 nuttx`up_initialize at up_initialize.c:260:3 frame apache#5: 0x00000001000031e3 nuttx`nx_start at nx_start.c:701:3 frame apache#6: 0x0000000100000b12 nuttx`main(argc=1, argv=0x00007ffeefbfd6c8, envp=0x00007ffeefbfd6d8) at up_head.c:96:7 frame apache#7: 0x00007fff7831b3d5 libdyld.dylib`start + 1 frame apache#8: 0x00007fff7831b3d5 libdyld.dylib`start + 1 (lldb)
Closed
anchao
added a commit
to anchao/nuttx
that referenced
this pull request
Nov 9, 2020
(gdb) b longjmp Breakpoint 1 at 0x8270 (gdb) r Starting program: /home/chao/code/m3/nuttx/nuttx [ 0.000000] Assertion failed at file:task/task_onexit.c line: 99 Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 (gdb) (gdb) bt |#0 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 |#1 0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0 |#2 0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132 |#3 0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36 |#4 0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99 |#5 0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109 |#6 0x565fd819 in simuart_start () at sim/up_simuart.c:112 |apache#7 0x5656c844 in up_uartinit () at sim/up_uart.c:496 |apache#8 0x5656ba7a in up_initialize () at sim/up_initialize.c:234 |apache#9 0x5655da56 in nx_start () at init/nx_start.c:701 |apache#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96 Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6 Signed-off-by: chao.an <[email protected]>
acassis
pushed a commit
that referenced
this pull request
Nov 9, 2020
(gdb) b longjmp Breakpoint 1 at 0x8270 (gdb) r Starting program: /home/chao/code/m3/nuttx/nuttx [ 0.000000] Assertion failed at file:task/task_onexit.c line: 99 Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 (gdb) (gdb) bt |#0 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 |#1 0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0 |#2 0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132 |#3 0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36 |#4 0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99 |#5 0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109 |#6 0x565fd819 in simuart_start () at sim/up_simuart.c:112 |#7 0x5656c844 in up_uartinit () at sim/up_uart.c:496 |#8 0x5656ba7a in up_initialize () at sim/up_initialize.c:234 |#9 0x5655da56 in nx_start () at init/nx_start.c:701 |#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96 Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6 Signed-off-by: chao.an <[email protected]>
anchao
added a commit
to anchao/nuttx
that referenced
this pull request
Dec 14, 2020
Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |apache#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |apache#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |apache#21 0x08049713 in nxtask_start () at task/task_start.c:144 |apache#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <[email protected]>
anchao
added a commit
to anchao/nuttx
that referenced
this pull request
Dec 14, 2020
Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |apache#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |apache#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |apache#21 0x08049713 in nxtask_start () at task/task_start.c:144 |apache#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <[email protected]>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Dec 15, 2020
Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |#21 0x08049713 in nxtask_start () at task/task_start.c:144 |#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <[email protected]>
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Mar 23, 2021
``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 apache#1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 apache#3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 apache#4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () apache#5 0x000000000048181e in InitializeCommonInterceptors() () apache#6 0x000000000048106a in __asan::InitializeAsanInterceptors() () apache#7 0x000000000049b85e in __asan::AsanInitInternal() () apache#8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007ffe4cdfff56 in ?? () apache#12 0x0000000000000000 in ?? () ```
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Mar 23, 2021
Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux. ``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 apache#1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 apache#3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 apache#4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () apache#5 0x000000000048181e in InitializeCommonInterceptors() () apache#6 0x000000000048106a in __asan::InitializeAsanInterceptors() () apache#7 0x000000000049b85e in __asan::AsanInitInternal() () apache#8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007ffe4cdfff56 in ?? () apache#12 0x0000000000000000 in ?? () ```
xiaoxiang781216
pushed a commit
that referenced
this pull request
Mar 23, 2021
Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux. ``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 #1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 #2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 #3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 #4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () #5 0x000000000048181e in InitializeCommonInterceptors() () #6 0x000000000048106a in __asan::InitializeAsanInterceptors() () #7 0x000000000049b85e in __asan::AsanInitInternal() () #8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 #9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 #10 0x0000000000000001 in ?? () #11 0x00007ffe4cdfff56 in ?? () #12 0x0000000000000000 in ?? () ```
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Apr 16, 2021
This reverts commit 2335b69. It seems that the commit is question broke sim/Linux and sim/macOS. Both of the following crashes are fixed by this revert. My app running with sim/Linux started crashing with the commit. ``` Program received signal SIGSEGV, Segmentation fault. 0x00000000004583ad in snprintf (buf=0x7f6260682b30 "\020", size=140060500962096, format=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>) at stdio/lib_snprintf.c:41 41 stdio/lib_snprintf.c: No such file or directory. rax 0x0 0 rbx 0x0 0 rcx 0x1 1 rdx 0x5515d0 5576144 rsi 0x10 16 rdi 0x7f6260682858 140060500961368 rbp 0x7f6260682808 0x7f6260682808 rsp 0x7f6260682628 0x7f6260682628 r8 0x7f62606825e0 140060500960736 r9 0x0 0 r10 0x8 8 r11 0x246 582 r12 0x0 0 r13 0x0 0 r14 0x0 0 r15 0x0 0 rip 0x4583ad 0x4583ad <snprintf+13> eflags 0x10246 [ PF ZF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 ``` sim:ostest on macOS crashes like the following. ``` spacetanuki% lldb ./nuttx (lldb) target create "./nuttx" Current executable set to './nuttx' (x86_64). (lldb) run Process 67434 launched: '/Users/yamamoto/git/nuttx/nuttx/nuttx' (x86_64) Process 67434 stopped * thread apache#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error libdyld.dylib`stack_not_16_byte_aligned_error: -> 0x7fff6f1633a6 <+0>: movdqa %xmm0, (%rsp) 0x7fff6f1633ab <+5>: int3 libdyld.dylib`_dyld_fast_stub_entry: 0x7fff6f1633ac <+0>: pushq %rbp 0x7fff6f1633ad <+1>: movq %rsp, %rbp Target 0: (nuttx) stopped. (lldb) bt * thread apache#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error frame apache#1: 0x0000000101002048 frame apache#2: 0x000000010001682d nuttx`tty_send(dev=0x000000010002f370, ch=115) at up_uart.c:447:3 frame apache#3: 0x000000010000d7df nuttx`uart_xmitchars(dev=0x000000010002f370) at serial_io.c:68:7 frame apache#4: 0x0000000100016a95 nuttx`tty_txint(dev=0x000000010002f370, enable='\x01') at up_uart.c:462:7 frame apache#5: 0x000000010000ce48 nuttx`uart_write(filep=0x00000001010011e8, buffer="", buflen=0) at serial.c:1260:7 frame apache#6: 0x0000000100024ef3 nuttx`file_write(filep=0x00000001010011e8, buf=0x0000000100027a30, nbytes=23) at fs_write.c:89:10 frame apache#7: 0x0000000100024f6a nuttx`nx_write(fd=1, buf=0x0000000100027a30, nbytes=23) at fs_write.c:138:13 frame apache#8: 0x0000000100024fab nuttx`file_write(filep=0x0000000100027a30, buf=0x0000000000000017, nbytes=0) at fs_write.c:76:7 frame apache#9: 0x000000010002215e nuttx`stdio_test at ostest_main.c:574:3 frame apache#10: 0x0000000100021f1b nuttx`ostest_main(argc=1, argv=0x0000000101001300) at ostest_main.c:602:3 frame apache#11: 0x000000010000ff05 nuttx`nxtask_startup(entrypt=(nuttx`ostest_main at ostest_main.c:592), argc=1, argv=0x0000000101001300) at task_startup.c:150:8 frame apache#12: 0x000000010000a580 nuttx`nxtask_start at task_start.c:129:7 (lldb) ```
davids5
added a commit
to nuttx-to-asf/incubator-nuttx
that referenced
this pull request
May 19, 2021
Broken by 635cfa. On an stm32 the heap is formed from const uintptr_t g_idle_topstack = HEAP_BASE; where HEAP_BASE is &_bss + CONFIG_IDLE_STACKSIZE. Both these values are not deterministic. One comes from the compiler, the other the system configurator. a 3 byte bss and 250 byte stack would lead to and unaligned address used as the heap to be. The compiler used clever `strd r1,r3,[r5,apache#8]` to store 2 values in one memory cycle into the heap_impl struct. Resulting in a hardfault. Change the amount of bss or the CONFIG_IDLE_STACKSIZE could lead to a non-functional NuttX system.
xiaoxiang781216
pushed a commit
that referenced
this pull request
May 20, 2021
Broken by 635cfa. On an stm32 the heap is formed from const uintptr_t g_idle_topstack = HEAP_BASE; where HEAP_BASE is &_bss + CONFIG_IDLE_STACKSIZE. Both these values are not deterministic. One comes from the compiler, the other the system configurator. a 3 byte bss and 250 byte stack would lead to and unaligned address used as the heap to be. The compiler used clever `strd r1,r3,[r5,#8]` to store 2 values in one memory cycle into the heap_impl struct. Resulting in a hardfault. Change the amount of bss or the CONFIG_IDLE_STACKSIZE could lead to a non-functional NuttX system.
antmerlino
pushed a commit
to antmerlino/incubator-nuttx
that referenced
this pull request
Jun 2, 2021
Sensors: fixes at30ts74 register configuration during driver registration Approved-by: Tony Samaritano <[email protected]>
GUIDINGLI
added a commit
to GUIDINGLI/incubator-nuttx
that referenced
this pull request
Mar 28, 2022
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478 READ of size 4 at 0xf514f8a8 thread T0 #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211 #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312 #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331 apache#3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623 apache#4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340 apache#5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985 apache#6 0x57755a50 in rptun_worker rptun/rptun.c:303 apache#7 0x57755e51 in rptun_thread rptun/rptun.c:352 apache#8 0x57730d4a in nxtask_start task/task_start.c:128 apache#9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee) Signed-off-by: ligd <[email protected]>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Mar 29, 2022
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478 READ of size 4 at 0xf514f8a8 thread T0 #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211 #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312 #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331 #3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623 #4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340 #5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985 #6 0x57755a50 in rptun_worker rptun/rptun.c:303 #7 0x57755e51 in rptun_thread rptun/rptun.c:352 #8 0x57730d4a in nxtask_start task/task_start.c:128 #9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee) Signed-off-by: ligd <[email protected]>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Sep 10, 2024
The expression "sub x0, x0, #8 * XCPTCONTEXT_GP_REGS" is void, as the next instruction overwrites x0 anyway.
medexs
pushed a commit
to medexs/nuttx
that referenced
this pull request
Sep 19, 2024
The expression "sub x0, x0, apache#8 * XCPTCONTEXT_GP_REGS" is void, as the next instruction overwrites x0 anyway.
jasonbu
pushed a commit
to jasonbu/nuttx
that referenced
this pull request
Sep 27, 2024
ap> cat pm ================================================================= ==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98 READ of size 1 at 0xf436edd9 thread T0 #0 0x3338a47 in strncmp string/lib_strncmp.c:42 apache#1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174 apache#2 0x371b066 in pm_open power/pm/pm_procfs.c:207 apache#3 0x3640d20 in procfs_open procfs/fs_procfs.c:419 apache#4 0x359bce2 in file_vopen vfs/fs_open.c:240 apache#5 0x359c431 in nx_vopen vfs/fs_open.c:312 apache#6 0x359cb53 in open vfs/fs_open.c:465 apache#7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140 apache#8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556 apache#9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164 apache#10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845 apache#11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744 apache#12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828 apache#13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245 apache#14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75 apache#15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74 apache#16 0x332b6e6 in nxtask_startup sched/task_startup.c:70 apache#17 0x323ec3f in nxtask_start task/task_start.c:134 apache#18 0x33636ea in pre_start sim/sim_initialstate.c:52 ap> cat net ================================================================= ==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8 READ of size 1 at 0xf4479a5a thread T0 #0 0x3338a47 in strncmp string/lib_strncmp.c:42 apache#1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215 apache#2 0x3640d20 in procfs_open procfs/fs_procfs.c:419 apache#3 0x359bce2 in file_vopen vfs/fs_open.c:240 apache#4 0x359c431 in nx_vopen vfs/fs_open.c:312 apache#5 0x359cb53 in open vfs/fs_open.c:465 apache#6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140 apache#7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556 apache#8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164 apache#9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845 apache#10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744 apache#11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828 apache#12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245 apache#13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75 apache#14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74 apache#15 0x332b6e6 in nxtask_startup sched/task_startup.c:70 apache#16 0x323ec3f in nxtask_start task/task_start.c:134 apache#17 0x33636ea in pre_start sim/sim_initialstate.c:52 Signed-off-by: dulibo1 <[email protected]> Signed-off-by: buxiasen <[email protected]>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Sep 27, 2024
ap> cat pm ================================================================= ==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98 READ of size 1 at 0xf436edd9 thread T0 #0 0x3338a47 in strncmp string/lib_strncmp.c:42 #1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174 #2 0x371b066 in pm_open power/pm/pm_procfs.c:207 #3 0x3640d20 in procfs_open procfs/fs_procfs.c:419 #4 0x359bce2 in file_vopen vfs/fs_open.c:240 #5 0x359c431 in nx_vopen vfs/fs_open.c:312 #6 0x359cb53 in open vfs/fs_open.c:465 #7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140 #8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556 #9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164 #10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845 #11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744 #12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828 #13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245 #14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75 #15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74 #16 0x332b6e6 in nxtask_startup sched/task_startup.c:70 #17 0x323ec3f in nxtask_start task/task_start.c:134 #18 0x33636ea in pre_start sim/sim_initialstate.c:52 ap> cat net ================================================================= ==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8 READ of size 1 at 0xf4479a5a thread T0 #0 0x3338a47 in strncmp string/lib_strncmp.c:42 #1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215 #2 0x3640d20 in procfs_open procfs/fs_procfs.c:419 #3 0x359bce2 in file_vopen vfs/fs_open.c:240 #4 0x359c431 in nx_vopen vfs/fs_open.c:312 #5 0x359cb53 in open vfs/fs_open.c:465 #6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140 #7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556 #8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164 #9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845 #10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744 #11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828 #12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245 #13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75 #14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74 #15 0x332b6e6 in nxtask_startup sched/task_startup.c:70 #16 0x323ec3f in nxtask_start task/task_start.c:134 #17 0x33636ea in pre_start sim/sim_initialstate.c:52 Signed-off-by: dulibo1 <[email protected]> Signed-off-by: buxiasen <[email protected]>
kywwilson11
pushed a commit
to kywwilson11/nuttx
that referenced
this pull request
Sep 30, 2024
ap> cat pm ================================================================= ==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98 READ of size 1 at 0xf436edd9 thread T0 #0 0x3338a47 in strncmp string/lib_strncmp.c:42 #1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174 apache#2 0x371b066 in pm_open power/pm/pm_procfs.c:207 apache#3 0x3640d20 in procfs_open procfs/fs_procfs.c:419 apache#4 0x359bce2 in file_vopen vfs/fs_open.c:240 apache#5 0x359c431 in nx_vopen vfs/fs_open.c:312 apache#6 0x359cb53 in open vfs/fs_open.c:465 apache#7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140 apache#8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556 apache#9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164 apache#10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845 apache#11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744 apache#12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828 apache#13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245 apache#14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75 apache#15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74 apache#16 0x332b6e6 in nxtask_startup sched/task_startup.c:70 apache#17 0x323ec3f in nxtask_start task/task_start.c:134 apache#18 0x33636ea in pre_start sim/sim_initialstate.c:52 ap> cat net ================================================================= ==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8 READ of size 1 at 0xf4479a5a thread T0 #0 0x3338a47 in strncmp string/lib_strncmp.c:42 #1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215 apache#2 0x3640d20 in procfs_open procfs/fs_procfs.c:419 apache#3 0x359bce2 in file_vopen vfs/fs_open.c:240 apache#4 0x359c431 in nx_vopen vfs/fs_open.c:312 apache#5 0x359cb53 in open vfs/fs_open.c:465 apache#6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140 apache#7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556 apache#8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164 apache#9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845 apache#10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744 apache#11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828 apache#12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245 apache#13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75 apache#14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74 apache#15 0x332b6e6 in nxtask_startup sched/task_startup.c:70 apache#16 0x323ec3f in nxtask_start task/task_start.c:134 apache#17 0x33636ea in pre_start sim/sim_initialstate.c:52 Signed-off-by: dulibo1 <[email protected]> Signed-off-by: buxiasen <[email protected]>
Gary-Hobson
pushed a commit
to Gary-Hobson/nuttx
that referenced
this pull request
Oct 11, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405 #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55 #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68 #3 0x34179de in binder_initialize binder/binder.c:669 #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242 #5 0x335a179 in nx_start init/nx_start.c:632 #6 0x32f755c in main sim/sim_head.c:180 apache#7 0xf6821518 (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700) Signed-off-by: cuiziwei <[email protected]>
Gary-Hobson
pushed a commit
to Gary-Hobson/nuttx
that referenced
this pull request
Oct 11, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405 #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55 #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68 #3 0x34179de in binder_initialize binder/binder.c:669 #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242 #5 0x335a179 in nx_start init/nx_start.c:632 #6 0x32f755c in main sim/sim_head.c:180 apache#7 0xf6821518 (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700) Signed-off-by: cuiziwei <[email protected]>
Gary-Hobson
pushed a commit
to Gary-Hobson/nuttx
that referenced
this pull request
Oct 12, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405 #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55 #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68 #3 0x34179de in binder_initialize binder/binder.c:669 #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242 #5 0x335a179 in nx_start init/nx_start.c:632 #6 0x32f755c in main sim/sim_head.c:180 apache#7 0xf6821518 (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700) Signed-off-by: cuiziwei <[email protected]>
Gary-Hobson
pushed a commit
to Gary-Hobson/nuttx
that referenced
this pull request
Oct 12, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405 #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55 #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68 #3 0x34179de in binder_initialize binder/binder.c:669 #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242 #5 0x335a179 in nx_start init/nx_start.c:632 #6 0x32f755c in main sim/sim_head.c:180 apache#7 0xf6821518 (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700) Signed-off-by: cuiziwei <[email protected]>
Gary-Hobson
pushed a commit
to Gary-Hobson/nuttx
that referenced
this pull request
Oct 12, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405 #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55 #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68 #3 0x34179de in binder_initialize binder/binder.c:669 #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242 #5 0x335a179 in nx_start init/nx_start.c:632 #6 0x32f755c in main sim/sim_head.c:180 apache#7 0xf6821518 (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) apache#9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700) Signed-off-by: cuiziwei <[email protected]>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Oct 13, 2024
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405 #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55 #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68 #3 0x34179de in binder_initialize binder/binder.c:669 #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242 #5 0x335a179 in nx_start init/nx_start.c:632 #6 0x32f755c in main sim/sim_head.c:180 #7 0xf6821518 (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) #8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) #9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700) Signed-off-by: cuiziwei <[email protected]>
yangguangcai01
pushed a commit
to yangguangcai01/nuttx
that referenced
this pull request
Oct 16, 2024
RTOSXMDPYX-575 string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Change-Id: I6e969ce530edefdf4307d36dc6944dcf7ce5958f Signed-off-by: yangguangcai <[email protected]>
yangguangcai01
pushed a commit
to yangguangcai01/nuttx
that referenced
this pull request
Oct 16, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <[email protected]>
yangguangcai01
pushed a commit
to yangguangcai01/nuttx
that referenced
this pull request
Oct 16, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <[email protected]>
yangguangcai01
pushed a commit
to yangguangcai01/nuttx
that referenced
this pull request
Oct 16, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <[email protected]>
yangguangcai01
pushed a commit
to yangguangcai01/nuttx
that referenced
this pull request
Oct 16, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <[email protected]>
yangguangcai01
pushed a commit
to yangguangcai01/nuttx
that referenced
this pull request
Oct 17, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <[email protected]>
yangguangcai01
pushed a commit
to yangguangcai01/nuttx
that referenced
this pull request
Oct 17, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <[email protected]>
yangguangcai01
pushed a commit
to yangguangcai01/nuttx
that referenced
this pull request
Oct 17, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <[email protected]>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Oct 17, 2024
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 #9 0x48bee720 in nxtask_startup sched/task_startup.c:70 #10 0x48b41eb4 in nxtask_start task/task_start.c:112 #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <[email protected]>
pwnall
pushed a commit
to pwnall/nuttx
that referenced
this pull request
Oct 23, 2024
Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |apache#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |apache#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |apache#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |apache#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |apache#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |apache#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |apache#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |apache#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |apache#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |apache#21 0x08049713 in nxtask_start () at task/task_start.c:144 |apache#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <[email protected]>
pwnall
pushed a commit
to pwnall/nuttx
that referenced
this pull request
Oct 23, 2024
VELAPLATFO-1585 ==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478 READ of size 4 at 0xf514f8a8 thread T0 #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211 apache#1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312 apache#2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331 apache#3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623 apache#4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340 apache#5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985 apache#6 0x57755a50 in rptun_worker rptun/rptun.c:303 apache#7 0x57755e51 in rptun_thread rptun/rptun.c:352 apache#8 0x57730d4a in nxtask_start task/task_start.c:128 apache#9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee) Change-Id: I29fc2ab82376ff6cd421fd383cdaa8ac85216364 Signed-off-by: ligd <[email protected]>
zhhyu7
added a commit
to zhhyu7/incubator-nuttx
that referenced
this pull request
Oct 29, 2024
current sizeof(struct sockaddr_in) is 66 arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment 0xe5f134e6: note: pointer points here 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241 #1 0x5432a11f in arp_snapshot arp/arp_table.c:574 #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547 apache#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715 apache#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743 apache#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382 apache#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625 apache#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96 apache#8 0x542bc94b in psock_sendto socket/sendto.c:134 apache#9 0x542bcb28 in sendto socket/sendto.c:247 apache#10 0x542bc5ea in send socket/send.c:163 apache#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152 apache#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197 apache#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263 apache#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718 apache#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619 apache#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706 apache#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245 apache#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75 apache#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74 apache#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70 apache#21 0x53f366c6 in nxtask_start task/task_start.c:116 apache#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52 Signed-off-by: zhanghongyu <[email protected]>
zhhyu7
added a commit
to zhhyu7/incubator-nuttx
that referenced
this pull request
Oct 29, 2024
current sizeof(struct sockaddr_in) is 66 arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment 0xe5f134e6: note: pointer points here 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241 #1 0x5432a11f in arp_snapshot arp/arp_table.c:574 #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547 apache#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715 apache#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743 apache#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382 apache#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625 apache#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96 apache#8 0x542bc94b in psock_sendto socket/sendto.c:134 apache#9 0x542bcb28 in sendto socket/sendto.c:247 apache#10 0x542bc5ea in send socket/send.c:163 apache#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152 apache#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197 apache#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263 apache#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718 apache#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619 apache#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706 apache#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245 apache#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75 apache#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74 apache#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70 apache#21 0x53f366c6 in nxtask_start task/task_start.c:116 apache#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52 Signed-off-by: zhanghongyu <[email protected]>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Oct 29, 2024
current sizeof(struct sockaddr_in) is 66 arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment 0xe5f134e6: note: pointer points here 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241 #1 0x5432a11f in arp_snapshot arp/arp_table.c:574 #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547 #3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715 #4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743 #5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382 #6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625 #7 0x542be94d in psock_sendmsg socket/sendmsg.c:96 #8 0x542bc94b in psock_sendto socket/sendto.c:134 #9 0x542bcb28 in sendto socket/sendto.c:247 #10 0x542bc5ea in send socket/send.c:163 #11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152 #12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197 #13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263 #14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718 #15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619 #16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706 #17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245 #18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75 #19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74 #20 0x54067ee1 in nxtask_startup sched/task_startup.c:70 #21 0x53f366c6 in nxtask_start task/task_start.c:116 #22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52 Signed-off-by: zhanghongyu <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
devif_timer will be called multiple time in one period if the multiple card exist,
the elapsed time calculated for the first callback is right, but the flowing callback
in the same period is wrong(very short) because the global variable g_polltimer is
used in the calculation.
so let's pass the delay time to devif_timer and remove g_polltimer.
Change-Id: I6ac3d1135e08cc0f34c51916fa713bd6e6892d04
Signed-off-by: Xiang Xiao [email protected]