iocShell calls epicsThreadResume with unchecked thread id

Bug #1052459 reported by Ralph Lange

Bug Description

The iocShell command wrapper for epicsThreadResume (in libComRegister.c) calls epicsThreadGetName() on a thread id argument it got from the shell, assuming that this verifies the number being a valid thread id.

But epicsThreadGetName() does not verify anything, and neither does epicsThreadResume() when it is called with an arbitrary number. The IOC immediately segfaults when you call epicsThreadResume from iocShell with a number that is not a valid thread id.

Ralph Lange (ralph-lange) wrote :

User code that works with threads might also be interested in validating a thread id before using (dereferencing) it. So maybe epicsThread should get a validator function:

epicsThreadId epicsThreadValidateId(const epicsThreadId id);

returns id if it is valid, else NULL.

Andrew Johnson (anj) wrote :

The epicsThreadResume command assumes that epicsThreadGetName() will return an empty string when given an invalid thread id. That seems to be a reasonable interpretation as long as the architecture can identify a valid tid, but that isn't how the various versions have been implemented:
 * RTEMS just converts the tid to a string using the format "0x%lx".
 * VxWorks copies whatever taskName() gives back.
 * Posix and Win32 assume it must be valid and copy a string from the relevant member.

I agree with the idea of adding a validator, but implementing it everywhere might need work.

Definitely needs a test in epicsThreadTest.cpp.
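
A minimal model of the validator idea discussed in the comments above, added here as an example and not code from EPICS Base or from either commenter: thread records live in a registry, and a number typed at the shell is only compared against registered pointers before anything dereferences it. All demo_* names, the record layout and the return codes are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct demo_thread {      /* hypothetical stand-in for a thread record */
    struct demo_thread *next;
    const char *name;
    int suspended;
} demo_thread;

static demo_thread *registry;     /* every live thread record */
static pthread_mutex_t registry_lock = PTHREAD_MUTEX_INITIALIZER;

void demo_register(demo_thread *t)
{
    pthread_mutex_lock(&registry_lock);
    t->next = registry;
    registry = t;
    pthread_mutex_unlock(&registry_lock);
}

/* Returns id if it is a registered record, else NULL. The candidate is only
 * compared against known pointers, never dereferenced. */
demo_thread *demo_validate_id(const demo_thread *id)
{
    demo_thread *p, *found = NULL;
    pthread_mutex_lock(&registry_lock);
    for (p = registry; p; p = p->next)
        if (p == id) { found = p; break; }
    pthread_mutex_unlock(&registry_lock);
    return found;
}

/* Shell wrapper: 0 on success, -1 for unparsable input, -2 for unknown id. */
int demo_shell_resume(const char *arg)
{
    char *end;
    unsigned long long v;
    demo_thread *t;
    errno = 0;
    v = strtoull(arg, &end, 0);
    if (errno || end == arg || *end != '\0' || v > UINTPTR_MAX) return -1;
    t = demo_validate_id((demo_thread *)(uintptr_t)v);
    if (!t) { fprintf(stderr, "'%s' is not a valid thread id\n", arg); return -2; }
    t->suspended = 0;             /* safe: t came from the registry */
    return 0;
}
```

The lookup only proves the record was registered at the time of the check; a real implementation also has to keep the record alive (for example by holding the lock or a reference) until the resume call has finished.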

Changed in epics-base:
importance: Undecided → High
Andrew Johnson (anj)
Changed in epics-base:
status: New → Triaged
importance: High → Medium
Changed in epics-base:
assignee: nobody → Ralph Lange (ralph-lange)