You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ndn_msgqueue_post function stores instances of ndn_msg consecutively in the msg_queue buffer. If param_length is not a multiple of 4, the next ndn_msg struct becomes unaligned.
MIPS compiler will generate unaligned load/store instructions for ndn_msg structs themselves because of the pack(1) tag.
However, the param struct passed to the callback function would also be unaligned, and it's likely that that struct has not been declared as pack(1). Consequently, the callback function could perform a regular load instruction on an unaligned address, triggering an address error exception.
This issue has not caused a crash so far, because every invocation of ndn_msgqueue_post in current ndn-lite codebase has been setting param_length to zero. Upon this observations, a potential solution to this bug would be removing param and param_length params.
The text was updated successfully, but these errors were encountered:
Thank you for your report. I made param to be variable in length because I thought people may use this message to store a small Data packet. But currently no package is using msg_queue in this way because it's neither thread-safe nor reentrant. I would replace length and param with a single void* field if this causes problem in the future.
As of 097f568,
ndn_msgqueue_dispatch
can potentially cause address error exception due to unaligned load when running on MIPS32 architecture.The msgqueue operates on this data structure:
ndn_msgqueue_post
function stores instances ofndn_msg
consecutively in themsg_queue
buffer. Ifparam_length
is not a multiple of 4, the nextndn_msg
struct becomes unaligned.MIPS compiler will generate unaligned load/store instructions for
ndn_msg
structs themselves because of thepack(1)
tag.However, the param struct passed to the callback function would also be unaligned, and it's likely that that struct has not been declared as
pack(1)
. Consequently, the callback function could perform a regular load instruction on an unaligned address, triggering an address error exception.This issue has not caused a crash so far, because every invocation of
ndn_msgqueue_post
in current ndn-lite codebase has been settingparam_length
to zero. Upon this observations, a potential solution to this bug would be removingparam
andparam_length
params.The text was updated successfully, but these errors were encountered: