Use-after-clear bug in adc_lld.c

ChibiOS public support forum for topics related to the Freescale Kinetis family of micro-controllers.

Moderator: utzig

bunnie
Posts: 1
Joined: Fri Apr 01, 2016 11:58 am

Use-after-clear bug in adc_lld.c

Postby bunnie » Fri Apr 01, 2016 12:19 pm

Hi, I found a use-after-clear bug in adc_lld.c for the Kinetis branch.

Basically, in the adc ISR code, _adc_isr_full_code() is called and then ADCD1.grpp->circular is referenced.

However, adc_isr_full_code() will set ADCD1.grpp to NULL at the end of a conversion, causing the pointer dereference to yield bogus results. In my case, I was trying to do a single conversion but the bogus dereference would set the system into circular conversion mode, causing the subsequent conversion's ISR to enter with a NULL grpp structure, leading to all kinds of sadness.

Swapping the order of operations so the dereference happens prior to the isr callback seems to fix the problem for me.
Attachments
0001-fix-ADC-LLD-grpp-use-after-clear.patch.gz
(585 Bytes) Downloaded 24 times

utzig
Posts: 354
Joined: Sat Jan 07, 2012 6:22 pm
Location: Brazil
Has thanked: 1 time
Been thanked: 16 times
Contact:

Re: Use-after-clear bug in adc_lld.c

Postby utzig » Fri Apr 01, 2016 2:22 pm

Hi,

We are moving the Kinetis repo to Github (https://github.com/ChibiOS/ChibiOS-Contrib/). Basically what reminds is removing the port from the main SVN repo. I don't mind applying this patch myself but in case you use Github and wanna send a pull request or want me to add a signed-off-by just ask.

Cheers,
Fabio Utzig


Return to “Kinetis Support”

Who is online

Users browsing this forum: No registered users and 0 guests