[En-Nut-Discussion] Bug in timer.c?

Ole Reinhardt ole.reinhardt at kernelconcepts.de
Tue Jul 12 15:57:20 CEST 2005


Hi Harald and Matthias,

> Many thanks for providing this info. No idea yet, but
> it may help.

I just found the "why", but I don't know how to fix it correctly since I
don't know that much about the overall functionality of the timer
handling.

So the problem is located at line 324 in os/timer.c


nexttn = tn->tn_next;
if (nexttn->tn_callback == 0) {
  // remove entry from linked list and update ticks
  nexttn->tn_next->tn_ticks_left += nexttn->tn_ticks_left; // line 324
  tn->tn_next = nexttn->tn_next;
  free(nexttn);
}

At line 324 you add tn_ticks_left to the next timer in the list but
don't check if it exists. If you reached the last timer in the list,
this will overwrite some random address in the memory on AVR or
segfault on unix.

My approach would be:

if (nexttn->tn_next != NULL) {
  nexttn->tn_next->tn_ticks_left += nexttn->tn_ticks_left; // line 324
}

Would this be ok or would this have any side effects?

Bye,

Ole

-- 
kernel concepts    Tel: +49-271-771091-14
Dreisbachstr. 24   Fax: +49-271-771091-19
D-57250 Netphen    E+ : +49-177-7420433
--
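
Added example, not part of the original message and not Nut/OS code: the guarded removal from the post applied to a minimal timer list, assuming tn_ticks_left is stored relative to the preceding entry (as the += on removal suggests). The struct layout and the helpers append, absolute_ticks and sample_cb are hypothetical; only the three field names come from the post.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical minimal node: only the three fields quoted in the post. */
typedef struct timer_node {
    struct timer_node *tn_next;
    unsigned long tn_ticks_left;   /* assumed: ticks relative to previous entry */
    void (*tn_callback)(void *);   /* 0 marks a stopped timer */
} timer_node;

/* Unlink tn->tn_next if it is a stopped timer; returns 1 if one was freed. */
int remove_stopped_after(timer_node *tn) {
    timer_node *nexttn = tn->tn_next;
    if (nexttn == NULL || nexttn->tn_callback != 0) return 0;
    /* Only a successor can inherit the remaining ticks; the tail has none. */
    if (nexttn->tn_next != NULL)
        nexttn->tn_next->tn_ticks_left += nexttn->tn_ticks_left;
    tn->tn_next = nexttn->tn_next;
    free(nexttn);
    return 1;
}

/* Append a constructed sample node after prev. */
timer_node *append(timer_node *prev, unsigned long ticks, void (*cb)(void *)) {
    timer_node *n = calloc(1, sizeof *n);
    if (n == NULL) abort();
    n->tn_ticks_left = ticks;
    n->tn_callback = cb;
    prev->tn_next = n;
    return n;
}

/* Absolute expiry of target: sum of the deltas up to and including it. */
unsigned long absolute_ticks(const timer_node *head, const timer_node *target) {
    unsigned long sum = 0;
    for (const timer_node *n = head->tn_next; n != NULL; n = n->tn_next) {
        sum += n->tn_ticks_left;
        if (n == target) return sum;
    }
    return 0;
}
void sample_cb(void *arg) { (void)arg; }

int main(void) {
    timer_node head = {0};                       /* constructed sample list */
    timer_node *a = append(&head, 5, sample_cb);
    append(a, 3, 0);                             /* stopped timer at the tail */
    printf("removed=%d tail=%p\n", remove_stopped_after(a), (void *)a->tn_next);
    free(a);
    return 0;
}
```

Under that assumption, removing the last entry leaves no later timer whose delta needs adjusting, so skipping the addition keeps the absolute expiry of every remaining timer unchanged.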




