
#472 STM32F4 chprintf()/chSequentialStreamWrite() crash with size of 0 or NULL pointer.

closed-fixed
None
2014-05-09
2014-03-10
No

There is a crash on STM32F4, especially because of the DMA behind it I think (mainly the DMA cannot send null data).

Tested when size is NULL with the serial-over-USB CDC driver => SDU1 & SDU2 on STM32F4.

Example code:
char *str = "\0";
chprintf((BaseSequentialStream *)&SDU1, "%s", str);
chSequentialStreamWrite((BaseSequentialStream *)&SDU1, (uint8_t *)NULL, 0);

I solved this problem by adding a check that size is greater than 0, but I think it should be fixed in the driver or at the lowest level, as a size of 0 can happen with some chprintf() calls with a NULL argument for example, which is not always an error.

Anyway those problems shall be analyzed in more detail.

Best Regards
Benjamin

Discussion

  • Giovanni Di Sirio

    • assigned_to: Giovanni Di Sirio
     
  • Benjamin Vernoux

    Just an update with a clear example:

    void cmd_crash1(BaseSequentialStream *chp, int argc, char *argv[])
    {
        char null_str[1]= { 0 };
    
        chprintf(chp, "cmd_crash1() before crash\n");
        chThdSleepMilliseconds(1000);
        chprintf(chp, "%s", &null_str[0]); /* Crash */
        chThdSleepMilliseconds(1000);
        chprintf(chp, "cmd_crash1() after crash (never reached)\n");
    }
    
    void cmd_crash2(BaseSequentialStream *chp, int argc, char *argv[])
    {
        chprintf(chp, "cmd_crash2() before crash\n");
        chThdSleepMilliseconds(1000);
        chSequentialStreamWrite(chp, NULL, 0); /* Crash */
        chThdSleepMilliseconds(1000);
        chprintf(chp, "cmd_crash2() after crash (never reached)\n");
    }
    

    The problem is localized in os/kernel/src/chqueues.c

    size_t chOQWriteTimeout(OutputQueue *oqp, const uint8_t *bp,
                            size_t n, systime_t time) {
      qnotify_t nfy = oqp->q_notify;
      size_t w = 0;
    
      chDbgCheck(n > 0, "chOQWriteTimeout");
    

    This is where it stops, on chDbgCheck. I think this assertion shall be removed and it should just return when size < 1.

     

    Last edit: Benjamin Vernoux 2014-03-16
  • Benjamin Vernoux

    Is there any news on this issue, as it is trivial to solve?

     
  • Giovanni Di Sirio

    Hi,

    The zero size problem has been addressed in chprintf() but not in streams where zero will continue to be a reserved value.

    Will be fixed in 2.7.0unstable, 2.6.4stable and 3.0.0development.

    Giovanni

     
  • Giovanni Di Sirio

    • status: open --> open-fixed
    • Priority: 5 --> 4
     
  • Giovanni Di Sirio

    • status: open-fixed --> closed-fixed
     
