Evaluation of a NULL pointer is undefined behavior. #1
Labels: bug (Something isn't working), internal bug tracker (Issue confirmed and reported into a ticket in the internal bug tracking system), mw (MW-related issue or pull-request), rtos (RTOS-related issue or pull-request)
Caution
The Issues are strictly limited to reporting problems encountered with the software provided in this project.
For any other problem related to the STM32 product, its performance, the hardware characteristics and boards, the tools, or the environment in general, please post your report to the ST Community in the STM32 MCUs dedicated page.
Describe the set-up
Any
Describe the bug (skip if none)
In the code the following idiom is used throughout as a "free reserved memory if ThreadX primitive construction has failed" pattern:

```c
if ((attr->cb_mem == NULL) || (attr == NULL))
```
In this case attr may be NULL, and the first expression will then dereference a NULL pointer. The effect of dereferencing a NULL pointer depends on several factors, including whether address 0 is accessible from a given MCU (e.g. some of them have TCM memory there), whether accessing an invalid address raises a bus fault (Cortex-M configuration), whether address 0 is initialized (depends on the startup code) and, if it is not initialized, which random value it may hold and whether dereferencing that random address triggers a fault or is just a no-operation.
In summary, we can conclude that this is undefined behavior. We cannot easily predict what may happen; it is even probable that it does not produce any fault and just reads a random address that may be zero or non-zero, then executes the clean-up code (which is correct for attr = NULL).
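The following is an added example, not code from this project, showing the reported check with its operands swapped so that `attr` is tested before it is dereferenced, and the same predicate reused on a simulated create/clean-up path. The `attr_t` and `control_block_t` types, the `create_object` function and the `primitive_fails` flag are hypothetical stand-ins for the CMSIS-RTOS2 attribute struct and a ThreadX primitive that fails.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the CMSIS-RTOS2 attribute and control-block
 * types; only the cb_mem field that the check reads is modelled. */
typedef struct { void *cb_mem; } attr_t;
typedef struct { int unused; } control_block_t;

static int internal_releases = 0;   /* how many internally allocated blocks were freed */

/* The reported ordering, kept here as a comment only, reads attr->cb_mem
 * before testing attr, so a NULL attr is dereferenced before the guard runs:
 *
 *     if ((attr->cb_mem == NULL) || (attr == NULL))
 *
 * The fix is to swap the operands: || evaluates left to right and
 * short-circuits, so attr->cb_mem is only read once attr is known non-NULL. */
bool cb_mem_is_internal(const attr_t *attr)
{
    return (attr == NULL) || (attr->cb_mem == NULL);
}

/* Simulated create path: use the caller's control block when one was given,
 * otherwise allocate one internally. If the (simulated) ThreadX primitive then
 * fails, release only memory this function allocated itself. Returns NULL on
 * failure. */
control_block_t *create_object(const attr_t *attr, bool primitive_fails)
{
    control_block_t *cb;

    if (cb_mem_is_internal(attr)) {
        cb = malloc(sizeof *cb);
        if (cb == NULL) {
            return NULL;
        }
    } else {
        cb = attr->cb_mem;          /* safe: attr is non-NULL on this branch */
    }

    if (primitive_fails) {
        /* Same predicate, same safe ordering, on the clean-up path. */
        if (cb_mem_is_internal(attr)) {
            free(cb);
            internal_releases++;
        }
        return NULL;
    }
    return cb;
}

int internal_release_count(void)
{
    return internal_releases;
}

/* Small helpers so scenarios can be built without handling the structs directly. */
attr_t *attr_with_cb_mem(void *mem)
{
    static attr_t a;
    a.cb_mem = mem;
    return &a;
}

control_block_t *caller_block(void)
{
    static control_block_t cb;
    return &cb;
}
```

Using one predicate for both the allocation decision and the clean-up decision keeps the two paths consistent: whichever memory the create path allocated is exactly what the failure path releases, and neither path touches `attr` before checking it.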
How to reproduce the bug (skip if none)
It will trigger an MPU fault.
Additional context
n/a
Screenshots
n/a