EPICS Base

callbackRequest calls epicsInterruptContextMessage with string stored on stack

  1. Series 3.16
  2. Bug #1705219
Bug #1705219 reported by Ambroz Bizjak
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
EPICS Base
Fix Released
High
Andrew Johnson
3.14
Fix Released
Undecided
Andrew Johnson
EPICS Base 3.14.12.7
3.15
Fix Released
Undecided
Andrew Johnson
EPICS Base 3.15.6
3.16
Fix Released
High
Andrew Johnson
EPICS Base 3.16.2

Bug Description

This is a theoretical report found incidentally when looking at the code.

The RTEMS implementation of epicsInterruptContextMessage requires the sting remains available (src/libCom/osi/os/RTEMS/osdInterrupt.c):

/*
 * Pass a message from an interrupt context.
 * Note that this passes a pointer to the message, not the message itself.
 * This implies that the message must remain valid after the
 * interrupt context is no longer active.
 */
void
epicsInterruptContextMessage (const char *message)

But callbackRequest calls it with a string constructed on the stack (src/db/callback.c):

    if (!pushOK) {
        char msg[48] = "callbackRequest: ";

        strcat(msg, threadName[priority]);
        strcat(msg, " ring buffer full\n");
        epicsInterruptContextMessage(msg);
        ringOverflow[priority] = TRUE;
    }

This implies that the message printed may be garbage and theoretically a crash may happen depending on what happens to be on that thread's stack when the message is read.

Tags: rtems
Andrew Johnson (anj)
Changed in epics-base:
status: New → Confirmed
importance: Undecided → High
tags: added: rtems
Changed in epics-base:
milestone: none → 3.14.branch
milestone: 3.14.branch → 3.15.branch
milestone: 3.15.branch → none
Revision history for this message
Andrew Johnson (anj) wrote :

This aspect of the epicsInterruptContextMessage() API is undocumented, the AppDevGuide says nothing about the message string. I put that message creation code into callbackRequest(); all other calls to epicsInterruptContextMessage() in Base pass in a static string.

The osi/os/vxWorks implementation calls logMsg() which queues the whole string; the osi/os/default implementation calls errlogPrintf() which behaves similarly but that's only legal because its version of epicsInterruptIsInterruptContext() can never return true.

Heinz's new osi/os/RTEMS-posix implementation (for RTEMS 4.12, which should be merged into EPICS 7) just calls printk() which is presumably safe, but the original that Ambroz posted above is still present in osi/os/RTEMS for the older RTEMS versions.

The only solution I can see which retains the nicer message from callbackRequest() would be to have 3 static error strings and pick one based on the priority. Suggested patch attached (based on 3.14 branch), but I haven't tested it. We should also document the static string requirement properly.

Revision history for this message
Ben Franksen (bfrk) wrote :

A perfectly valid and appropriate fix IMO.

Andrew Johnson (anj)
Changed in epics-base:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.