Evil Linux bug #100
Reference: fsfw/fsfw#100
This includes general improvements and a very important bugfix.
The bug is a perfect example of how unsafe C can be. Basically one letter was missing, and it was enough to cause an insidious bug which was hard to track down. I'll write down a bit because it is very interesting to see how misleading issues like these can be.
Culprit code:
POSIX thread names are restricted to 16 chars.
The name buffer for some reason only had 10 entries.
But the biggest problem was that a strcpy was performed instead of a strncpy.
strcpy is extremely unsafe, it simply copies everything till '\0'.
So I, as a programmer who had no idea of that maximum name length, created a new fixed timeslot task with the beautiful long name POLLING_SEQUENCE_TABLE_DEFAULT.
So, the first issue I encountered was that the msg_max value of the system (default 10) needed for the POSIX message queues was too low for DHB (20) and event manager (80).
I fixed that. Next issue: createTask complains. It cannot allocate enough memory. So eventually I print out or trace that value: it's some astronomical number (4 * 10^11 MB or something).
So first guess is that that value is uninitialized. It is not.
In fact, when I printed out the value at some other spot in the code, it's the MINIMUM_STACK_SIZE for Linux.
So I look everywhere, wondering why the task size is changed. Best thing is, when I make the cached stackSize member protected by moving it up, the size was not changed. Endless confusion.
Eventually after 40 min, I simply set the stack size to the
MINIMUM_STACK_SIZE inside the createTask function.
Great, now it's not complaining anymore. Next error: name invalid.
Oh, okay, only 16 chars allowed, alright, I will just truncate the name. How is it stored anyway... A char[10]?? Odd... How is it set?
And then I saw the strcpy. The strcpy, being a dumb and dangerous function, copied the passed 20-30 char name into the member name and conveniently overwrote one or some members after name, including the stackSize (I guess those are contiguous in memory).
The name was checked after the stack size is set, so I was looking in the wrong place all the time.
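The overwrite described above, as an added illustration that is not code from the fsfw project: a struct with a 10-byte name buffer directly followed by the cached stack size (the field names and layout are assumptions), the unbounded strcpy pattern kept only for comparison, a calculation of how far a strcpy of POLLING_SEQUENCE_TABLE_DEFAULT would spill past the buffer, and a bounded setter that rejects oversized names instead of silently corrupting neighbouring members.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout mirroring the issue: a 10-byte name buffer followed by the
 * cached stack size. Field names are hypothetical, not the project's own. */
struct TaskDesc {
    char name[10];
    size_t stackSize;
};

/* The culprit pattern from the issue: strcpy copies until '\0' and ignores
 * sizeof(name). Kept only for comparison; never called in this file. */
static void setNameUnsafe(struct TaskDesc *t, const char *name) {
    strcpy(t->name, name);  /* writes past name[] for any name of 10+ chars */
}

/* How many bytes strcpy would write past the end of name[] for this input.
 * Returns 0 when the name plus its NUL fits. Touches no memory. */
static size_t spillBytes(const char *name) {
    size_t needed = strlen(name) + 1;  /* characters plus terminating NUL */
    size_t room = sizeof(((struct TaskDesc *)0)->name);
    return needed > room ? needed - room : 0;
}

/* Would the spilled bytes reach into the stackSize member? */
static int spillHitsStackSize(const char *name) {
    size_t end = sizeof(((struct TaskDesc *)0)->name) + spillBytes(name);
    return end > offsetof(struct TaskDesc, stackSize);
}

/* Hardened setter: reject names that do not fit (no silent truncation, no
 * overflow), always NUL-terminate, leave the struct untouched on failure.
 * Returns 0 on success, -1 if the name is too long for the buffer. */
static int setNameSafe(struct TaskDesc *t, const char *name) {
    size_t len = strlen(name);
    if (len >= sizeof t->name) return -1;
    memcpy(t->name, name, len + 1);  /* len + 1 copies the NUL as well */
    return 0;
}

int main(void) {
    struct TaskDesc t = { "", 16384 };
    const char *longName = "POLLING_SEQUENCE_TABLE_DEFAULT";  /* 30 chars */
    printf("spill=%zu bytes, reaches stackSize=%d\n",
           spillBytes(longName), spillHitsStackSize(longName));
    if (setNameSafe(&t, longName) != 0)
        printf("rejected; stackSize still %zu\n", t.stackSize);
    (void)setNameUnsafe;  /* referenced only so the comparison compiles */
    return 0;
}
```

On a 64-bit build stackSize sits at offset 16, so the 21 spilled bytes cover it completely, which is exactly why the bad stack size appeared before the name check ever ran.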
Title changed from "Very annoying Linux bug" to "Evil Linux bug".

Oh, that's a serious bug. Great that you found that!