rt-thread
[Bug] Pointer error in rt_vsnprintf function
RT-Thread Version
5.2.0 commit 2f559906d6202c27142237ab4b1d893034a5b7c3
Hardware Type/Architectures
VEXPRESS_A9
Develop Toolchain
GCC
Describe the bug
I encountered another error in the rt_vsnprintf function.
Steps to reproduce
1. Build RT-Thread.
2. Use the following command to start the kernel with QEMU:

```
qemu-system-arm \
    -M vexpress-a9 \
    -smp 2 \
    -m 4096M \
    -kernel /path/to/rt-thread/bsp/qemu-vexpress-a9/rtthread.bin \
    -drive if=sd,file=/path/to/rt-thread/bsp/qemu-vexpress-a9/sd.bin,format=raw \
    -nographic \
    -semihosting
```

3. Use the functions and parameters provided in the 'Test case' section for testing.
Source code location
/root/rtthread/rt-thread/src/klibc/kstdio.c : 337
```c
/* Make sure end is always >= buf */
if (end < buf)
{
    end = ((char *) - 1);
    size = end - buf;
}

for (; *fmt ; ++fmt)
{
    if (*fmt != '%')    /* line 337 */
    {
        if (str < end)
        {
            *str = *fmt;
        }
```
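The `end` clamp and the `str < end` check in the excerpt above are the two bounds that keep the format loop from writing past `buf`. As an added example that is not RT-Thread code, the helper below reproduces that literal-copy path on a plain C string so the truncation and pointer-wrap cases can be exercised on a host; `bounded_copy`, its snprintf-style return value and the NULL-format fallback are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not RT-Thread code): copies the literal characters of
 * fmt into buf the way the excerpted loop does, with the same two guards:
 *  - end is clamped so it never wraps below buf (the "end < buf" branch), and
 *  - each byte is stored only while str < end.
 * Returns the number of characters that would have been written, like
 * snprintf, so a caller can detect truncation. */
size_t bounded_copy(char *buf, size_t size, const char *fmt)
{
    uintptr_t base = (uintptr_t)buf;
    char *end;
    char *str = buf;

    /* The loop dereferences *fmt unconditionally; a NULL format would fault.
     * Assumption of this example: treat it as an empty string instead. */
    if (fmt == NULL)
        fmt = "";

    /* Same intent as: end = buf + size; if (end < buf) end = (char *)-1;
     * expressed on uintptr_t so the overflow test itself is well-defined. */
    if (size > UINTPTR_MAX - base)
        end = (char *)UINTPTR_MAX;
    else
        end = buf + size;

    for (; *fmt; ++fmt)
    {
        if (str < end)
            *str = *fmt;    /* store only while inside the buffer */
        ++str;              /* keep counting so truncation is visible */
    }

    /* NUL-terminate inside the buffer if there is any room at all. */
    if (size > 0)
    {
        if (str < end)
            *str = '\0';
        else
            end[-1] = '\0';
    }
    return (size_t)(str - buf);
}
```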
Test case
#executing syz_thread_idle_init ()

```c
void syz_thread_idle_init() {
    if (rt_thread_idle_gethandler() != RT_NULL) {
        rt_kprintf("Idle thread is already initialized.\n");
        return;
    }
    rt_thread_idle_init();
}
```
Backtrace upon hitting the bug
#executing syz_thread_idle_init ()
2024/09/04 12:18:37 Syscall execution is ok
2024/09/04 12:18:37 qemu run inst merger err: execution timed out
2024/09/04 12:18:37 Received stop signal, requires feedback = true
2024/09/04 12:18:37 running diagnose
2024/09/04 12:18:37 VM-0 failed reading regs: dial tcp 127.0.0.1:28192: connect: connection refused
2024/09/04 12:18:37 VM-0 failed reading regs: dial tcp 127.0.0.1:28192: connect: connection refused
2024/09/04 12:18:37 Stack frames at BUG: unexpected stop:
2024/09/04 12:18:37 Level: 0: 1611238884, /root/kcov.c : write_comp_data : 111 :
2024/09/04 12:18:37 Level: 1: 1611239238, /root/kcov.c : __sanitizer_cov_trace_const_cmp1 : 167 :
2024/09/04 12:18:37 Level: 2: 1611457888, /root/rtthread/rt-thread/src/klibc/kstdio.c : rt_vsnprintf : 337 :
2024/09/04 12:18:37 Level: 3: 1611467024, /root/rtthread/rt-thread/src/kservice.c : rt_kprintf : 343 :
2024/09/04 12:18:37 Level: 4: 1611213996, /root/rtthread/rt-thread/bsp/qemu-vexpress-a9/applications/common_freertos.h : syz_thread_idle_init : 211 :
It could possibly be that the memory region pointed to by fmt is invalid or out of bounds. I would greatly appreciate it if you could kindly inform me of any mistakes in the previous issues.
Other additional context
No response