==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
READ of size 1 at 0x64d9e3c0 thread T0
#0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
#1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
#2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
#3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
#4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
#5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
#6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
#7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
#8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
#9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
#10 0x598a601a in vsyslog syslog/lib_syslog.c:68
#11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
#12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
#13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
#14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
#15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
#16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
#17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
#18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
#19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
allow usrsock USRSOCK_MESSAGE_RESPONSE_DATA_ACK with no-preload data
so addrlen could be updated to valuelen_nontrunc of usrsock_message_datareq_ack_s
nsh> usrsocktest
...
Testing group "basic_getsockname" =>
[TEST ASSERT FAILED!]
In function "basic_getsockname_open":
line 170: Assertion `(ssize_t)((ret)) == (ssize_t)((0))' failed.
got value: -1
should be: 0
Group "basic_getsockname": [FAILED]
Signed-off-by: chao an <anchao@xiaomi.com>
fix usrsock remote_disconnect fail:
nsh> usrsocktest
...
Testing group "remote_disconnect" =>
[TEST ASSERT FAILED!]
In function "receive":
line 497: Assertion `(ssize_t)((ret)) == (ssize_t)((0))' failed.
got value: -1
should be: 0
Group "remote_disconnect": [FAILED]
...
Reference:
RECV(2)
NAME
recv, recvfrom, recvmsg - receive a message from a socket
...
RETURN VALUE
...
When a stream socket peer has performed an orderly shutdown,
the return value will be 0 (the traditional "end-of-file" return).
Datagram sockets in various domains (e.g., the UNIX and Internet domains)
permit zero-length datagrams. When such a datagram is received, the return value is 0.
Signed-off-by: chao an <anchao@xiaomi.com>
fix usrsock getsockname fail
nsh> usrsocktest
...
Testing group "basic_getsockname" =>
[TEST ASSERT FAILED!]
In function "basic_getsockname_open":
line 170: Assertion `(ssize_t)((ret)) == (ssize_t)((0))' failed.
got value: -1
should be: 0
Group "basic_getsockname": [FAILED]
...
Reference:
GETSOCKNAME(2)
NAME
getsockname - get socket name
...
DESCRIPTION
...
The returned address is truncated if the buffer provided is too small;
in this case, addrlen will return a value greater than was supplied to the call.
Signed-off-by: chao an <anchao@xiaomi.com>
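The GETSOCKNAME(2) truncation rule quoted in the two getsockname commit messages above, as an added example that is not NuttX or usrsock code: after a truncated call the returned addrlen is larger than the buffer, so a caller that uses it as a read length over-reads. The helper names and the 16-byte sample address are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical copy-out helper (assumption, not the NuttX implementation):
 * copy at most *addrlen bytes, then report the full, untruncated length
 * through *addrlen, as GETSOCKNAME(2) describes. */
static int copy_out_sockname(void *addr, size_t *addrlen,
                             const void *full, size_t full_len)
{
  size_t n;

  if (addr == NULL || addrlen == NULL || full == NULL)
    {
      return -1;
    }

  n = *addrlen < full_len ? *addrlen : full_len;
  memcpy(addr, full, n);   /* never writes past the caller's buffer */
  *addrlen = full_len;     /* may now exceed the caller's buffer size */
  return 0;
}

/* Caller side: only min(supplied, returned) bytes of the buffer are valid. */
static size_t valid_bytes(size_t supplied, size_t returned)
{
  return returned < supplied ? returned : supplied;
}

/* One call against a constructed 16-byte address. Returns how many bytes
 * of buf may safely be read and sets *truncated when the address did not
 * fit in buflen bytes. */
static size_t demo_getsockname(uint8_t *buf, size_t buflen, int *truncated)
{
  static const uint8_t full[16] =
    { 2, 0, 0x1f, 0x90, 127, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0 };
  size_t len = buflen;

  if (truncated == NULL ||
      copy_out_sockname(buf, &len, full, sizeof(full)) != 0)
    {
      return 0;
    }

  *truncated = len > buflen;
  return valid_bytes(buflen, len);
}
```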
follow the below change:
-----------------------------------------------
commit 0334819742
Author: Xiang Xiao <xiaoxiang@xiaomi.com>
Date: Mon Aug 22 05:10:47 2022 +0800
net/usrsock: Change xid from uint64_t to uint32_t
by generating the new xid for each transaction
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signed-off-by: chao an <anchao@xiaomi.com>
* Update WAMR version
* Enable CONFIG_INTERPRETERS_WAMR_DEBUG_INTERP
(TCP related config changes in this commit are for this)
* Enable CONFIG_MM_DUMP_ON_FAILURE
* Bump CONFIG_NSH_LINELEN
Summary:
- I noticed that ps shows incorrect stack usage when running
getprime in the background.
- With CONFIG_ARCH_ADDRENV=y, a user task including pthread
allocates its stack in the user space that needs to be
accessed with a correct address environment.
- This commit fixes this issue.
Impact:
- CONFIG_ARCH_ADDRENV=y only
Testing:
- Tested with rv-virt:knsh64 on qemu-6.2
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
It is inappropriate to apply volatile to the task list:
1. The code accessing the task list is already protected by a critical section
2. The queue is a complex struct; it isn't enough to protect it with volatile
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Summary:
- Current RISC-V/NuttX implementation assumes that text/data/heap
areas are continuous. In fact, CONFIG_ARCH_TEXT_VBASE and
CONFIG_ARCH_HEAP_VBASE are not used for memory allocation.
- This commit assigns dedicated virtual addresses for text and heap,
which is the same approach as the ARM-v7A/NuttX implementation.
Impact:
- None
Testing:
- Tested with rv-virt:knsh64 (will be updated later)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
```
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: array-index-out-of-bounds in symtab/symtab_allsyms.c:62:37
__ubsan_handle_out_of_bounds: index 1619 is out of range for type 'symtab_s [1]'
ubsan_epilogue: ================================================================================
```
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
because not all compilers support the weak attribute, and
many features are either always used or guarded by config.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
* libs/libc/stdlib/lib_strtod.c:
(strtod): Add a note about limitations of this implementation
as compared to POSIX in the function's docstring. Also fix a
typo.
* libs/libc/stdlib/lib_strtof.c:
(strtof): Port the changes made to strtod in PR-6952 (commit
c83985c5ce) and add same note as above to docstring.
* libs/libc/stdlib/lib_strtold.c:
(strtold): Same changes as strtof.
mpfs_write_tx_fifo() gets stuck in the following case:
- CDCACM is used
- ttyACM0 is opened and then closed from the remote end,
such as Linux or Windows
- data is written into ttyACM0 from NuttX
- tx fifo will never get empty and the system is stuck
Fix this by issuing an error code if the transmit fifo doesn't
proceed as expected. The error code is then propagated to the
higher level, keeping the system functional.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
Do not use 'pvconn' argument to get the connection pointer since
pvconn is normally NULL for some events like NETDEV_DOWN.
Instead, the connection pointer can be reliably obtained from the
corresponding private pointer.
Signed-off-by: chao.an <anchao@xiaomi.com>
It is ok to call kmm_free with a NULL pointer. Thus adopt the
DEBUGASSERT statement to cover this case.
Signed-off-by: Michael Jung <michael.jung@secore.ly>