ASAN trace:
...
==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8
WRITE of size 1 at 0xf4502120 thread T0
#0 0x56673ca2 in strcpy string/lib_strcpy.c:64
0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120)
allocated by thread T0 here:
#0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54)
#1 0x5667725d in up_create_stack sim/up_createstack.c:135
#2 0x56657ed8 in nxthread_create task/task_create.c:125
#3 0x566580bb in kthread_create task/task_create.c:297
#4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149
#5 0x56656f31 in nx_workqueues init/nx_bringup.c:181
#6 0x56656fc6 in nx_bringup init/nx_bringup.c:436
#7 0x56656e95 in nx_start init/nx_start.c:809
#8 0x566548d4 in main sim/up_head.c:95
#9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)
CALLSTACK:
#8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4
#9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64
#10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570
#11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714
#12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143
#13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297
#14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149
#15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181
#16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436
#17 0x565e3d96 in nx_start () at init/nx_start.c:809
#18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95
Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac
Signed-off-by: chao.an <anchao@xiaomi.com>
like other related macro(e.g. INTMAX_MIN, INTMAX_MAX...)
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I8863599960b1a9b1c22ae9c35735a379a4c745b0
utilize the call inside nxtask_exit instead, also move
nxsched_suspend_scheduler to nxtask_exit for symmetry
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I219fc15faf0026e452b0db3906aa40b40ac677f3
-Move task_init() and task_activate() prototypes from include/sched.h to include/nuttx/sched.h. These are internal OS functions and should not be exposed to the user.
-Remove references to task_init() and task_activate() from the User Manual.
-Rename task_init() to nxtask_init() since since it is an OS internal function
-Rename task_activate() to nxtask_activate since it is an OS internal function
All complaints fixed except for those that were not possible to fix:
- Used of Mixed case identifier in ESP32 files. These are references to Expressif ROM functions which are outside of the scope of NuttX.
- Remove per-thread errno from the TCB structure (pterrno)
- Remove get_errno() and set_errno() as functions. The macros are still available as stubs and will be needed in the future if we need to access the errno from a different address environment (KERNEL mode).
- Add errno value to the tls_info_s structure definitions
- Move sched/errno to libs/libc/errno. Replace old TCB access to the errno with TLS access to the errno.
Mac OS X was renamed to macOS at some point. Update references to
OSX, OS X, Mac OS X, Mac OSX, and other permutations, to macOS,
in README files and in comments of other files.
lpc2148_spi1.c:142:24: warning: initialization of 'uint32_t (*)(struct spi_dev_s *, uint32_t)' {aka 'unsigned int (*)(struct spi_dev_s *, unsigned int)'} from incompatible pointer type 'uint16_t (*)(struct spi_dev_s *, uint16_t)' {aka 'short unsigned int (*)(struct spi_dev_s *, short unsigned int)'} [-Wincompatible-pointer-types]
142 | .send = spi_send,
| ^~~~~~~~
lpc2148_spi1.c:142:24: note: (near initialization for 'g_spiops.send')
In file included from ieee802154/mac802154_bind.c:49:
ieee802154/mac802154_internal.h: In function 'mac802154_setdevmode':
ieee802154/mac802154_internal.h:788:42: warning: converting a packed 'enum ieee802154_devmode_e' pointer (alignment 1) to a 'const union ieee802154_attr_u' pointer (alignment 4) may result in an unaligned pointer value [-Waddress-of-packed-member]
788 | (FAR const union ieee802154_attr_u *)&mode);
| ^~~~~~~~~~~~~~~~~
chip/stm32_hciuart.c: In function 'hciuart_read':
chip/stm32_hciuart.c:2104:30: warning: statement with no effect [-Wunused-value]
2104 | ntotal == (ssize_t)ret;
| ~~~~~~~^~~~~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/bcmf_driver.c: In function 'bcmf_wl_auth_event_handler':
wireless/ieee80211/bcm43xxx/bcmf_driver.c:579:23: warning: taking address of packed member of 'struct bcmf_event_s' may result in an unaligned pointer value [-Waddress-of-packed-member]
579 | type = bcmf_getle32(&event->type);
| ^~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/bcmf_driver.c:580:25: warning: taking address of packed member of 'struct bcmf_event_s' may result in an unaligned pointer value [-Waddress-of-packed-member]
580 | status = bcmf_getle32(&event->status);
| ^~~~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/bcmf_driver.c: In function 'bcmf_wl_scan_event_handler':
wireless/ieee80211/bcm43xxx/bcmf_driver.c:619:25: warning: taking address of packed member of 'struct bcmf_event_s' may result in an unaligned pointer value [-Waddress-of-packed-member]
619 | status = bcmf_getle32(&event->status);
| ^~~~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/bcmf_driver.c:620:35: warning: taking address of packed member of 'struct bcmf_event_s' may result in an unaligned pointer value [-Waddress-of-packed-member]
620 | escan_result_len = bcmf_getle32(&event->len);
| ^~~~~~~~~~~
wireless/ieee80211/bcm43xxx/bcmf_bdc.c: In function 'bcmf_bdc_process_event_frame':
wireless/ieee80211/bcm43xxx/bcmf_bdc.c:166:27: warning: taking address of packed member of 'struct bcmf_event_s' may result in an unaligned pointer value [-Waddress-of-packed-member]
166 | event_id = bcmf_getle32(&event_msg->event.type);
| ^~~~~~~~~~~~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c: In function 'sdio_io_rw_direct':
wireless/ieee80211/bcm43xxx/mmc_sdio.c:157:3: warning: converting a packed 'struct sdio_resp_R5' pointer (alignment 1) to a 'uint32_t' {aka 'unsigned int'} pointer (alignment 4) may result in an unaligned pointer value [-Waddress-of-packed-member]
157 | ret = SDIO_RECVR5(dev, SD_ACMD52, (uint32_t *)&resp);
| ^~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c:79:28: note: defined here
79 | begin_packed_struct struct sdio_resp_R5
| ^~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c: In function 'sdio_io_rw_extended':
wireless/ieee80211/bcm43xxx/mmc_sdio.c:239:11: warning: converting a packed 'struct sdio_resp_R5' pointer (alignment 1) to a 'uint32_t' {aka 'unsigned int'} pointer (alignment 4) may result in an unaligned pointer value [-Waddress-of-packed-member]
239 | ret = SDIO_RECVR5(dev, SD_ACMD53, (uint32_t *)&resp);
| ^~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c:79:28: note: defined here
79 | begin_packed_struct struct sdio_resp_R5
| ^~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c:244:11: warning: converting a packed 'struct sdio_resp_R5' pointer (alignment 1) to a 'uint32_t' {aka 'unsigned int'} pointer (alignment 4) may result in an unaligned pointer value [-Waddress-of-packed-member]
244 | ret = SDIO_RECVR5(dev, SD_ACMD53, (uint32_t *)&resp);
| ^~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c:79:28: note: defined here
79 | begin_packed_struct struct sdio_resp_R5
| ^~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c:257:7: warning: converting a packed 'struct sdio_resp_R5' pointer (alignment 1) to a 'uint32_t' {aka 'unsigned int'} pointer (alignment 4) may result in an unaligned pointer value [-Waddress-of-packed-member]
257 | ret = SDIO_RECVR5(dev, SD_ACMD53, (uint32_t *)&resp);
| ^~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c:79:28: note: defined here
79 | begin_packed_struct struct sdio_resp_R5
| ^~~~~~~~~~~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c:265:3: warning: converting a packed 'struct sdio_resp_R5' pointer (alignment 1) to a 'uint32_t' {aka 'unsigned int'} pointer (alignment 4) may result in an unaligned pointer value [-Waddress-of-packed-member]
265 | SDIO_RECVR1(dev, SD_ACMD52ABRT, (uint32_t *)&resp);
| ^~~~~~~~~~~
wireless/ieee80211/bcm43xxx/mmc_sdio.c:79:28: note: defined here
79 | begin_packed_struct struct sdio_resp_R5
| ^~~~~~~~~~~~
chip/stm32_adc.c: In function 'adc_reset':
chip/stm32_adc.c:2860:7: warning: unused variable 'ret' [-Wunused-variable]
2860 | int ret;
| ^~~
chip/stm32_adc.c: In function 'adc_shutdown':
chip/stm32_adc.c:3044:7: warning: unused variable 'ret' [-Wunused-variable]
3044 | int ret;
| ^~~
chip/stm32_i2c.c:722:12: warning: 'stm32_i2c_sem_wait_noncancelable' defined but not used [-Wunused-function]
722 | static int stm32_i2c_sem_wait_noncancelable(FAR struct i2c_master_s *dev)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wireless/gs2200m.c: In function 'gs2200m_read':
wireless/gs2200m.c:727:20: warning: passing argument 1 of 'nxsem_wait' from incompatible pointer type [-Wincompatible-pointer-types]
727 | ret = nxsem_wait(dev);
| ^~~
| |
| struct gs2200m_dev_s *
.config:1207:warning: symbol value '' invalid for TESTING_OSTEST_FPUSIZE
platform/audio/cxd56_audio_analog.c:69:13: warning: inline function 'cxd56_audio_clock_is_enabled' declared but never defined
69 | inline bool cxd56_audio_clock_is_enabled(void);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
platform/audio/cxd56_audio_analog.c:68:13: warning: inline function 'cxd56_audio_clock_disable' declared but never defined
68 | inline void cxd56_audio_clock_disable(void);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
platform/audio/cxd56_audio_analog.c:67:13: warning: inline function 'cxd56_audio_clock_enable' declared but never defined
67 | inline void cxd56_audio_clock_enable(uint32_t clk, uint32_t div);
| ^~~~~~~~~~~~~~~~~~~~~~~~
chip/stm32_adc.c: In function 'adc_reset':
chip/stm32_adc.c:1348:7: warning: unused variable 'ret' [-Wunused-variable]
1348 | int ret;
| ^~~
chip/stm32_adc.c: In function 'adc_shutdown':
chip/stm32_adc.c:1496:7: warning: unused variable 'ret' [-Wunused-variable]
1496 | int ret;
| ^~~
chip/stm32_i2c.c:729:12: warning: 'stm32_i2c_sem_wait_uninterruptble' defined but not used [-Wunused-function]
729 | static int stm32_i2c_sem_wait_uninterruptble(FAR struct i2c_master_s *dev)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wireless/lpwan/sx127x/sx127x.c:147:52: warning: missing terminating ' character
147 | # warning OOK support is not complete, RX+TX doesn't work yet!
| ^
str71_spi.c:435:24: warning: initialization of 'uint32_t (*)(struct spi_dev_s *, uint32_t)' {aka 'unsigned int (*)(struct spi_dev_s *, unsigned int)'} from incompatible pointer type
'uint16_t (*)(struct spi_dev_s *, uint16_t)' {aka 'short unsigned int (*)(struct spi_dev_s *, short unsigned int)'} [-Wincompatible-pointer-types]
435 | .send = spi_send,
| ^~~~~~~~
str71_spi.c:435:24: note: (near initialization for 'g_spiops.send')
chip/pic32mx-lowconsole.c:147:24: warning: 'pic32mx_getreg' defined but not used [-Wunused-function]
static inline uint32_t pic32mx_getreg(uintptr_t uart_base,
^
chip/pic32mx-gpio.c:113:20: warning: 'pic32mx_value' defined but not used [-Wunused-function]
static inline bool pic32mx_value(uint16_t pinset)
^
chip/pic32mz-gpio.c:124:20: warning: 'pic32mz_value' defined but not used [-Wunused-function]
static inline bool pic32mz_value(pinset_t pinset)
^
chip/pic32mx-usbdev.c:3065:1: warning: 'pic32mx_epreserved' defined but not used [-Wunused-function]
pic32mx_epreserved(struct pic32mx_usbdev_s *priv, int epno)
^
mmcsd/mmcsd_spi.c: In function 'mmcsd_mediachanged':
mmcsd/mmcsd_spi.c:1938:7: warning: 'return' with a value, in function returning void
return ret;
^
In file included from partition/fs_partition.c:42:0:
partition/partition.h:66:19: warning: 'read_partition_block' defined but not used [-Wunused-function]
static inline int read_partition_block(FAR struct partition_state_s *state,
^
local/local_netpoll.c: In function 'local_pollsetup':
local/local_netpoll.c:305:1: warning: label 'pollerr' defined but not used [-Wunused-label]
pollerr:
^~~~~~~
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: If3ea8f32b878aa218072130f7c3018f0d3c1aca5
So call 'make EXTRAFLAGS=-Wno-cpp' could suppress the warnings with pre-processor
directive #warning in GCC.
Change-Id: Iaa618238924c9969bf91db22117b39e6d2fc9bb6
Signed-off-by: liuhaitao <liuhaitao@xiaomi.com>
Resolution of Issue 619 will require multiple steps, this part of the first step in that resolution: Every call to nxsem_wait_uninterruptible() must handle the return value from nxsem_wait_uninterruptible properly. This commit is for all I2C drivers under arch/.