[Xenomai] bad alloc in rt_queue_create with qlimit != Q_UNLIMITED; broken warning message in heapobj-pshared.c

Josh Bowman jbowman at facts-inc.com
Tue Feb 21 01:52:56 CET 2017


Hi Philippe,

(Xenomai/mercury, stable-3.0.x branch.)

If we pass anything but Q_UNLIMITED as the qlimit param to
rt_queue_create(), the library miscalculates the total pool size when it
adds in the message overhead. (The 3rd param is going to be multiplied by
qlimit again inside heapobj_init_array.)

Also, the 'len' parameter is missing in the warning message generated by
heapobj_init() if the pool can't be allocated.

-Josh

diff --git a/lib/alchemy/queue.c b/lib/alchemy/queue.c
index 3a45257..24bfba1 100644
--- a/lib/alchemy/queue.c
+++ b/lib/alchemy/queue.c
@@ -235,7 +235,7 @@ int rt_queue_create(RT_QUEUE *queue, const char *name,
                    poolsize + (poolsize * 5 / 100));
     else
         ret = heapobj_init_array(&qcb->hobj, qcb->name,
-                     (poolsize / qlimit) *
+                     (poolsize / qlimit) +
                      sizeof(struct alchemy_queue_msg),
                      qlimit);
     if (ret)
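
Review bot: `(poolsize / qlimit)` on the changed line is an integer division that rounds down, so when poolsize is not a multiple of qlimit each slot is sized short and the array holds fewer than poolsize bytes of payload in total. Consider rounding up, e.g. `(poolsize + qlimit - 1) / qlimit + sizeof(struct alchemy_queue_msg)`, and adding a short comment that heapobj_init_array() multiplies this per-element size by qlimit, since that is what made the old `*` wrong.
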
diff --git a/lib/copperplate/heapobj-pshared.c
b/lib/copperplate/heapobj-pshared.c
index e02cfd3..e0bee9d 100644
--- a/lib/copperplate/heapobj-pshared.c
+++ b/lib/copperplate/heapobj-pshared.c
@@ -976,7 +976,7 @@ int heapobj_init(struct heapobj *hobj, const char
*name, size_t size)
     heap = alloc_block(&main_heap.heap, len);
     if (heap == NULL) {
         warning("%s() failed for %Zu bytes, raise --mem-pool-size?",
-            __func__);
+                __func__, len);
         return __bt(-ENOMEM);
     }
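
Review bot: the format string on the context line just above the fix still uses `%Zu`, an old glibc-specific length modifier; now that len is actually passed, switch to the C99 `%zu` (assuming len is a size_t like the size parameter) so the conversion is portable. If warning() is not already declared with a printf-style format attribute, adding one would let the compiler flag a missing argument like the one fixed here.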

