==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
READ of size 1 at 0x64d9e3c0 thread T0
#0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
#1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
#2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
#3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
#4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
#5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
#6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
#7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
#8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
#9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
#10 0x598a601a in vsyslog syslog/lib_syslog.c:68
#11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
#12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
#13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
#14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
#15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
#16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
#17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
#18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
#19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
The "p" format specifier already prepends the pointer address with "0x"
when printing.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Otherwise we will try to dump the state of the current task, however the
exit handler has already started doing some cleanup and invalidated its
group. Accessing the group from dumponexit will crash.
Signed-off-by: Abdelatif Guettouche <abdelatif.guettouche@espressif.com>
"error: incompatible types when assigning to type 'struct filelist *' from type 'struct filelist'
filelist = tcb->group->tg_filelist;"
Signed-off-by: Abdelatif Guettouche <abdelatif.guettouche@espressif.com>
The xxx_netinitialize is defined to a function only if
CONFIG_NET=y and CONFIG_NETDEV_LATEINIT=n. Otherwise it
is defined to an empty macro.
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
For example, task is blocked by nxsem_wait(sem1), use nxsem_wait(sem2)
in signal handler, and take sem2 successfully, after exit from signal
handler to task, nxsem_wait(sem1) returns OK, but the correct result
should be -EINTR.
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
Gregory Nutt has submitted the SGA
Omni Hoverboards has submitted the SGA
David Sidrane has submitted the ICLA
Mateusz Szafoni has submitted the ICLA
Sebastien Lorquet has submitted the ICLA
Paul Alexander Patience has submitted the ICLA
as a result we can migrate the licenses to Apache.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Cleaning during `clean_context` had the issue of remaking everything
when `menuconfig` was issued. That's because `menuconfig` has a
`clean_context` on its way.
Signed-off-by: Abdelatif Guettouche <abdelatif.guettouche@espressif.com>
use the same condition check in declaration and reference
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I7b05316e914708fceeddac394d784ee3720a3c1b
instead calling kmm_heapmember or umm_heapmember because:
1.The stack supplied by caller may allocate from heap too
2.It's hard to implement these two function in ASan case
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I196377822b7c4643ab4f29b7c1dc41dcd7c4dab1
All modern desgin support stack pointer and it's also an
important information, so let's standardize this interface.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
arch: Allocate the space from the beginning in up_stack_frame
and modify the affected portion:
1.Correct the stack dump and check
2.Allocate tls_info_s by up_stack_frame too
3.Move the stack fork allocation from arch to sched
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
All supported arch uses a push-down stack:
The stack grows toward lower addresses in memory. The stack pointer
register points to the lowest, valid working address (the "top" of
the stack). Items on the stack are referenced as positive(include zero)
word offsets from sp.
Which means that for stack in the [begin, begin + size):
1.The initial SP point to begin + size
2.push equals sub and then store
3.pop equals load and then add
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Summary:
- During repeating ostest with sabre-6quad:smp (QEMU),
I noticed that pthread_rwlock_test sometimes stops
- Finally, I found that nxtask_exit() released a critical
section too early before context switching which resulted in
selecting inappropriate TCB
- This commit fixes this issue by moving nxsched_resume_scheduler()
from nxtask_exit() to up_exit() and also removing
spin_setbit() and spin_clrbit() from nxtask_exit()
because the caller holds a critical section
- To be consistent with non-SMP cases, the above changes
were done for all CPU architectures
Impact:
- This commit affects all CPU architectures regardless of SMP
Testing:
- Tested with ostest with the following configs
- sabre-6quad:smp (QEMU, dev board), sabre-6quad:nsh (QEMU)
- spresense:wifi_smp
- sim:smp, sim:ostest
- maix-bit:smp (QEMU)
- esp32-devkitc:smp (QEMU)
- lc823450-xgevk:rndis
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
