Use-after-clear bug in adc_lld.c
Posted: Fri Apr 01, 2016 12:19 pm
Hi, I found a use-after-clear bug in adc_lld.c for the Kinetis branch.
Basically, in the adc ISR code, _adc_isr_full_code() is called and then ADCD1.grpp->circular is referenced.
However, adc_isr_full_code() will set ADCD1.grpp to NULL at the end of a conversion, causing the pointer dereference to yield bogus results. In my case, I was trying to do a single conversion but the bogus dereference would set the system into circular conversion mode, causing the subsequent conversion's ISR to enter with a NULL grpp structure, leading to all kinds of sadness.
Swapping the order of operations so the dereference happens prior to the isr callback seems to fix the problem for me.
Basically, in the adc ISR code, _adc_isr_full_code() is called and then ADCD1.grpp->circular is referenced.
However, adc_isr_full_code() will set ADCD1.grpp to NULL at the end of a conversion, causing the pointer dereference to yield bogus results. In my case, I was trying to do a single conversion but the bogus dereference would set the system into circular conversion mode, causing the subsequent conversion's ISR to enter with a NULL grpp structure, leading to all kinds of sadness.
Swapping the order of operations so the dereference happens prior to the isr callback seems to fix the problem for me.