EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Subject: [Bug 1932120] Re: callbackRequest potentially accesses uninitialized memory
From: Dirk Zimoch via Core-talk <core-talk at aps.anl.gov>
To: core-talk at aps.anl.gov
Date: Thu, 17 Jun 2021 19:50:15 -0000

diff --git a/modules/database/src/ioc/db/callback.c b/modules/database/src/ioc/db/callback.c
index 3fa2493..4a26e27 100644
--- a/modules/database/src/ioc/db/callback.c
+++ b/modules/database/src/ioc/db/callback.c
@@ -263,7 +263,9 @@ void callbackCleanup(void)
 
         assert(epicsAtomicGetIntT(&mySet->threadsRunning)==0);
         epicsEventDestroy(mySet->semWakeUp);
+        mySet->semWakeUp = NULL;
         epicsRingPointerDelete(mySet->queue);
+        mySet->queue = NULL;
     }
 
     epicsTimerQueueRelease(timerQueue);
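
Review bot: In callbackCleanup(), `mySet->queue` still holds the freed pointer between `epicsRingPointerDelete(mySet->queue);` and `mySet->queue = NULL;`, and the same applies to `semWakeUp` after `epicsEventDestroy()`. The assert on `threadsRunning` only shows that the callback threads have stopped, not that no other thread or interrupt handler is inside callbackRequest(), so a request arriving in that window passes the new NULL check and pushes into freed memory. Consider copying each pointer to a local, clearing the field first, and then destroying the local copy. A one-line comment saying that callbackRequest() tests `queue` for NULL would also make the purpose of these two stores clear to later readers.
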
@@ -333,6 +335,10 @@ int callbackRequest(epicsCallback *pcallback)
         return S_db_badChoice;
     }
     mySet = &callbackQueue[priority];
+    if (!mySet->queue) {
+        epicsInterruptContextMessage("callbackRequest: Callbacks not initialized\n");
+        return S_db_notInit;
+    }
     if (mySet->queueOverflow) return S_db_bufFull;
 
     pushOK = epicsRingPointerPush(mySet->queue, pcallback);
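
Review bot: The `if (!mySet->queue)` guard only catches the case from the bug report (callbackInit() never completed) if `queue` is NULL before the first initialization, which depends on `callbackQueue` being zero-initialized storage; that is not visible in this patch and is worth stating in a comment next to the check. Two smaller points on the same lines: `epicsInterruptContextMessage(...)` fires on every rejected request, so a periodic caller will flood the console and a one-shot or rate-limited message would be kinder; and the patch does not add `S_db_notInit`, so please confirm it is already defined and that existing callers handle a new non-zero return besides `S_db_badChoice` and `S_db_bufFull`.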

-- 
You received this bug notification because you are a member of EPICS
Core Developers, which is subscribed to EPICS Base.
Matching subscriptions: epics-core-list-subscription
https://bugs.launchpad.net/bugs/1932120

Title:
  callbackRequest potentially accesses uninitialized memory

Status in EPICS Base:
  New

Bug description:
  If epicsAtomicCmpAndSwapIntT() in callbackInit() fails for some reason
  (e.g. because of bug #1932118), the callback queues never get
  initialized (and callback threads never get started) and the following
  warning is printed during iocInit:

  Warning: callbackInit called again before callbackCleanup

  Nevertheless, callbackRequest() will use these uninitialized queues
  (and an uninitialized event semaphore) without checking, resulting in
  a strange message from a spinLock in the uninitialized queue:

  0x132f380 (timerQueue): epicsSpinLock(0x1fda0b79): Deadlock.
  Recursive lock, missed unlock or block when locked.Thread timerQueue (0x132f380) can't proceed, suspending.

  A patch is attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/epics-base/+bug/1932120/+subscriptions
