From d66fd9f965f27eb0446d6aed24b8758674f98b53 Mon Sep 17 00:00:00 2001
From: David Sidrane
Date: Mon, 13 Mar 2017 12:34:39 -1000
Subject: [PATCH 1/2] semaphore:sem_boostholderprio prevent overrun of pend_reprios

The second case rtcb->sched_priority <= htcb->sched_priority did not check if there is sufficient space in the pend_reprios array.
---
 sched/semaphore/sem_holder.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/sched/semaphore/sem_holder.c b/sched/semaphore/sem_holder.c
index cd8b26c662..e0d594b132 100644
--- a/sched/semaphore/sem_holder.c
+++ b/sched/semaphore/sem_holder.c
@@ -379,8 +379,16 @@ static int sem_boostholderprio(FAR struct semholder_s *pholder,
 * saved priority and not to the base priority.
 */
- htcb->pend_reprios[htcb->npend_reprio] = rtcb->sched_priority;
- htcb->npend_reprio++;
+ if (htcb->npend_reprio < CONFIG_SEM_NNESTPRIO)
+ {
+ htcb->pend_reprios[htcb->npend_reprio] = rtcb->sched_priority;
+ htcb->npend_reprio++;
+ }
+ else
+ {
+ serr("ERROR: CONFIG_SEM_NNESTPRIO exceeded\n");
+ DEBUGASSERT(htcb->npend_reprio < CONFIG_SEM_NNESTPRIO);
+ }
 }
 }
From caf8bac7fb9452f25a3297147e7b414d46e74c6f Mon Sep 17 00:00:00 2001
From: David Sidrane
Date: Mon, 13 Mar 2017 22:54:13 +0000
Subject: [PATCH 2/2] missing semi

---
 sched/semaphore/sem_holder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sched/semaphore/sem_holder.c b/sched/semaphore/sem_holder.c
index e0d594b132..eaf443342d 100644
--- a/sched/semaphore/sem_holder.c
+++ b/sched/semaphore/sem_holder.c
@@ -125,7 +125,7 @@ static inline FAR struct semholder_s *sem_allocholder(sem_t *sem)
 pholder = NULL;
 }
- DEBUGASSERT(pholder != NULL)
+ DEBUGASSERT(pholder != NULL);
 return pholder;
 }
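Review bot: In the first patch's hunk (`@@ -379,8 +379,16 @@`, `sem_boostholderprio`), the new `else` branch signals a full `pend_reprios` list only through `serr()` and `DEBUGASSERT()`, so in a build where debug output and assertions are disabled the running thread's priority is presumably dropped with no trace. The added bounds check does stop the write past the end of the array; what stays undocumented is the state afterwards, where the holder may later be restored to a priority that ignores this entry (inferred from the surrounding comment, since the restore logic is outside the hunk). I would add a comment at the top of the `else` body such as `/* pend_reprios is full: this priority is not recorded; raise CONFIG_SEM_NNESTPRIO if this fires */`. The assertion inside that branch can never hold there, so it acts as an unconditional debug trap, and the comment should say so. The function body starts and ends outside the hunk.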