ALABSTM
commented
7 months ago Hi @cmarsalc,
Thank you for this report. Your point looks relevant. It will be forwarded to our development teams. I will keep you posted.
With regards,
Open cmarsalc opened 7 months ago
ALABSTM
commented
7 months ago Hi @cmarsalc,
Thank you for this report. Your point looks relevant. It will be forwarded to our development teams. I will keep you posted.
With regards,
ALABSTM
commented
7 months ago ST Internal Reference: 170640
Caution
The Issues are strictly limited for the reporting of problem encountered with the software provided in this project. For any other problem related to the STM32 product, the performance, the hardware characteristics and boards, the tools the environment in general, please post your report to the ST Community in the STM32 MCUs dedicated page.
Describe the set-up
Any
Describe the bug (skip if none)
In the code the following idiom is used thoroughly as a "free reserved memory if ThreadX primitive construction has failed" pattern:
if ((attr->cb_mem == NULL) || (attr == NULL))In this case attr may be NULL which will dereference a NULL pointer in the first expression. The effect of dereferencing a NULL pointer depends on several factors including whether address 0 is accessible from a given MCU (e,g,. some of them have TCM memory there), whether accessing an invalid address raises a bus fault (Cortex-M configuration) or whether the address 0 is initialized (depends no the startup code) and if it is not initialized which random value it may have and if dereferencing that random address triggers a fault or its just a no-operation.
In summary, we could conclude that is undefined behavior. Why cannot easily advance what may happen, even it is probable that it does not produces any fault, it just reads a random address that maybe zero or non zero and executes the clean-up code (which is correct for attr = NULL).
How to reproduce the bug (skip if none)
It will trigger a MPU fault.
Additional context
n/a
Screenshots
n/a