Skip to content

Commit

Permalink
unit-test: Fix segfault due to discrepancy between the real and mocke…
Browse files Browse the repository at this point in the history 
…d recvfrom

Symptom:
test_vDHCPProcess_eWaitingOffer_CorrectState_ValidBytesInMessage_MatchingEndPoint()
segfaults.

What AddressSanitizer says about that:

    test/unit-test/build/Annexed_TCP_Sources/FreeRTOS_DHCP.c:1139:28: runtime error:
        member access within null pointer of type 'const struct DHCPMessage_IPv4_t'
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==14403==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000ec
    ==14403==The signal is caused by a READ memory access.
    ==14403==Hint: address points to the zero page.
        #0 0x456eb7 in prvIsValidDHCPResponse test/unit-test/build/Annexed_TCP_Sources/FreeRTOS_DHCP.c:1139
        FreeRTOS#1 0x4584c3 in prvProcessDHCPReplies test/unit-test/build/Annexed_TCP_Sources/FreeRTOS_DHCP.c:1280
        FreeRTOS#2 0x45038c in xHandleWaitingOffer test/unit-test/build/Annexed_TCP_Sources/FreeRTOS_DHCP.c:334
        FreeRTOS#3 0x45366a in vDHCPProcessEndPoint test/unit-test/build/Annexed_TCP_Sources/FreeRTOS_DHCP.c:735
        FreeRTOS#4 0x44fe57 in vDHCPProcess test/unit-test/build/Annexed_TCP_Sources/FreeRTOS_DHCP.c:263
        FreeRTOS#5 0x418d2c in test_vDHCPProcess_eWaitingOffer_CorrectState_ValidBytesInMessage_MatchingEndPoint test/unit-test/FreeRTOS_DHCP/FreeRTOS_DHCP_utest.c:147

Diagnosis:
pxDHCPMessage in prvProcessDHCPReplies() is the unlucky null pointer.
As commented, it is expected to be set as an out-arg of FreeRTOS_recvfrom()
due to calling it with FREERTOS_ZERO_COPY, but the condition for it
in the mocked FreeRTOS_recvfrom() is that the sum of all flags
is FREERTOS_ZERO_COPY + FREERTOS_MSG_PEEK.

Finding the right fix:
Should we add a null check? Nope.
Set the FREERTOS_MSG_PEEK flag? Nope.
The mocked function did not check the FREERTOS_ZERO_COPY flag properly.
Observe that in the real FreeRTOS_recvfrom(),
specifically inside prvRecvFrom_CopyPacket(),
the condition for setting the zero-copy pointer into the buffer with the data
depends only on one flag - FREERTOS_ZERO_COPY - and ignores the rest.
It is obviously important that the mocked condition is exactly the same.
  • Loading branch information
@anordal
anordal committed Jun 4, 2024
1 parent 22fb292 commit 181c271
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion test/unit-test/FreeRTOS_DHCP/FreeRTOS_DHCP_stubs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -336,7 +336,7 @@ static int32_t FreeRTOS_recvfrom_ResetAndIncorrectStateWithSocketAlreadyCreated_
pxIterator = pxIterator->pxNext;
}

if( xFlags == FREERTOS_ZERO_COPY + FREERTOS_MSG_PEEK )
if( ( xFlags & FREERTOS_ZERO_COPY ) != 0 )
{
*( ( uint8_t ** ) pvBuffer ) = pucUDPBuffer;
}
Expand Down

0 comments on commit 181c271

Please sign in to comment.