# HG changeset patch # User Shinji KONO # Date 1267751569 -32400 # Node ID 5088d70e66c5dce1a7c26d21a73882d0688e20a2 # Parent 8e6fa21b116c6e09326831f57d439e5aefff7e61 heap corruption in TaskArray1 diff -r 8e6fa21b116c -r 5088d70e66c5 TaskManager/Cell/CellTaskManagerImpl.cc --- a/TaskManager/Cell/CellTaskManagerImpl.cc Tue Jan 19 19:09:32 2010 +0900 +++ b/TaskManager/Cell/CellTaskManagerImpl.cc Fri Mar 05 10:12:49 2010 +0900 @@ -131,7 +131,7 @@ if (htask->command==TaskArray1) { // compatibility // Task with ListData is stored in the ListData - int next = (htask->r_size+sizeof(SimpleTask))/sizeof(SimpleTask); + int next = (htask->r_size)/sizeof(SimpleTask) + 1; if (list->length+next>=TASK_MAX_SIZE) { list->length--; TaskListPtr newList = taskListImpl->create(); diff -r 8e6fa21b116c -r 5088d70e66c5 TaskManager/Fifo/FifoTaskManagerImpl.cc --- a/TaskManager/Fifo/FifoTaskManagerImpl.cc Tue Jan 19 19:09:32 2010 +0900 +++ b/TaskManager/Fifo/FifoTaskManagerImpl.cc Fri Mar 05 10:12:49 2010 +0900 @@ -107,7 +107,7 @@ if (htask->command==TaskArray1) { // compatibility - int next = (htask->r_size+sizeof(SimpleTask))/sizeof(SimpleTask); + int next = ((htask->r_size)/sizeof(SimpleTask))+1; if (list->length+next>=TASK_MAX_SIZE) { list->length--; TaskListPtr newList = taskListImpl->create(); @@ -117,6 +117,9 @@ } Task *array = (Task*)&list->tasks[list->length]; list->length += next; + if (list->length>=TASK_MAX_SIZE) { + perror("task array1 overflow\n"); + } memcpy(array, htask->rbuf, htask->r_size); free(htask->rbuf); htask->rbuf = 0; htask->r_size = 0; diff -r 8e6fa21b116c -r 5088d70e66c5 TaskManager/Makefile --- a/TaskManager/Makefile Tue Jan 19 19:09:32 2010 +0900 +++ b/TaskManager/Makefile Fri Mar 05 10:12:49 2010 +0900 @@ -1,5 +1,4 @@ include ./Makefile.def --include ./Makefile.dep TAGS = gtags TAGSOPTION = @@ -46,3 +45,5 @@ tags: $(TAGS) $(TAGSOPTION) + +-include ./Makefile.dep diff -r 8e6fa21b116c -r 5088d70e66c5 TaskManager/kernel/schedule/SchedTaskArray.cc 
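Review bot: The rewritten `next` in CellTaskManagerImpl.cc, and the identical change in the first FifoTaskManagerImpl.cc hunk, gives the same value as the old expression whenever `htask->r_size+sizeof(SimpleTask)` does not wrap, so the slot count reserved for the copied array is effectively unchanged. This assumes `r_size` is an integer field; its declaration is not visible here. `next` is still never checked against `TASK_MAX_SIZE` on its own, and a freshly created list cannot hold an array that needs a whole list or more, so a guard such as `if (next >= TASK_MAX_SIZE) { /* reject the task */ }` before the existing test would close that case. The `size_t` quotient is also narrowed to `int`, and a short comment such as `// slots needed for r_size bytes, plus one` would record why the `+1` is there. The enclosing function starts and ends outside both hunks.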
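Review bot: The added `list->length>=TASK_MAX_SIZE` test in the second FifoTaskManagerImpl.cc hunk only reports the condition; `memcpy(array, htask->rbuf, htask->r_size)` on the next line still runs. If `TASK_MAX_SIZE` is the capacity of `list->tasks`, that copy can write past the array, which is the corruption the commit title names. The branch should leave without copying, and the test belongs before `list->length += next` so the length is never left out of range; how to bail out depends on the enclosing function, which starts and ends outside the hunk. `perror` appends the message for the current `errno`, which is unrelated here, so `fprintf(stderr, "task array1 overflow\n");` gives a cleaner log line. No equivalent check is added on the Cell side in what this patch shows.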
--- a/TaskManager/kernel/schedule/SchedTaskArray.cc Tue Jan 19 19:09:32 2010 +0900 +++ b/TaskManager/kernel/schedule/SchedTaskArray.cc Fri Mar 05 10:12:49 2010 +0900 @@ -164,7 +164,9 @@ } else { // このTaskArrayは終り。save していた Task の次を返す。 // savedTask の read/exec は実行されない (command = TaskArray) - return savedTask->next(scheduler, savedTask); + SchedTaskBase *n = savedTask->next(scheduler, savedTask); + delete savedTask; + return n; } } diff -r 8e6fa21b116c -r 5088d70e66c5 TaskManager/kernel/schedule/SchedTaskBase.h --- a/TaskManager/kernel/schedule/SchedTaskBase.h Tue Jan 19 19:09:32 2010 +0900 +++ b/TaskManager/kernel/schedule/SchedTaskBase.h Fri Mar 05 10:12:49 2010 +0900 @@ -9,16 +9,19 @@ class SchedTaskBase { public: /* constructor */ - SchedTaskBase(void) {} - virtual ~SchedTaskBase(void) {} + // void *called ; // for debug + SchedTaskBase() { + // called = __builtin_return_address(1); + } + virtual ~SchedTaskBase() {} BASE_NEW_DELETE(SchedTaskBase); // noaction in default - virtual void load(void) {} - virtual void read(void) {} - virtual void exec(void) {} - virtual void write(void) {} + virtual void load() {} + virtual void read() {} + virtual void exec() {} + virtual void write() {} /* functions */ virtual SchedTaskBase* next(Scheduler *, SchedTaskBase*) {return 0;}
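Review bot: `delete savedTask` in SchedTaskArray.cc runs after `savedTask` has been passed to `next(scheduler, savedTask)`, so any override that returns that pointer, or stores it in the object it returns, hands the caller a dangling reference. The base `next` in SchedTaskBase.h returns 0, but the overrides are not visible in this patch, so this needs checking against them. `savedTask` (presumably a member) is also left pointing at freed memory, so a later delete on another path would free it twice; `delete savedTask; savedTask = 0;` avoids that. A comment such as `// this object owns savedTask once the array is finished` would make the lifetime explicit. The enclosing function starts outside the hunk.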