07-14-2014 07:32 PM
While running a static analysis tool, I came across a bug, which if hit, would cause a CRASH.
In the constructor tCHInChSGLChunkyLink::tCHInChSGLChunkyLink,
    _linkMemory = _bus->allocDMA(_maxSize);
    if (_linkMemory == NULL)
    {
        status.setCode(kBufferBadMemoryAllocation);
    }
    // Enforce 8-byte alignment for link memory addresses
    // (reached even when the allocation above failed and _linkMemory is NULL)
    if (_linkMemory->getPhysicalAddress() % 8 != 0)
    {
        status.setCode(kBufferBadAlignment);
    }
If the memory could not be allocated, then _linkMemory is dereferenced.
The fix should move the dereference inside an "if (status.isNotFatal())" check.
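The guarded form of that constructor body, as an added example (not NI's code; Status, LinkMemory, FakeBus and buildLink are constructed stand-ins so the three outcomes can be exercised without the real driver):

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical stand-ins for the status, link-memory and bus types named in
// the post; the real NI classes are not shown there.
enum StatusCode { kNoError = 0, kBufferBadMemoryAllocation, kBufferBadAlignment };

struct Status {
    StatusCode code = kNoError;
    void setCode(StatusCode c) { code = c; }
    bool isNotFatal() const { return code == kNoError; }
};

struct LinkMemory {
    uintptr_t physical;
    uintptr_t getPhysicalAddress() const { return physical; }
};

// Fake bus: allocDMA() can be told to fail, or to hand back misaligned memory.
struct FakeBus {
    bool failAlloc;
    uintptr_t physAddr;
    LinkMemory storage{0};
    LinkMemory* allocDMA(size_t) {
        if (failAlloc) return nullptr;
        storage.physical = physAddr;
        return &storage;
    }
};

// Corrected constructor logic: the alignment check (and its dereference)
// only runs when the allocation did not already fail.
struct ChunkyLink {
    LinkMemory* _linkMemory = nullptr;
    Status status;

    ChunkyLink(FakeBus* bus, size_t maxSize) {
        _linkMemory = bus->allocDMA(maxSize);
        if (_linkMemory == nullptr) {
            status.setCode(kBufferBadMemoryAllocation);
        }
        // Enforce 8-byte alignment, but only if there is memory to inspect.
        if (status.isNotFatal() && _linkMemory->getPhysicalAddress() % 8 != 0) {
            status.setCode(kBufferBadAlignment);
        }
    }
};

// Builds one link against a fake bus and reports the resulting status code.
StatusCode buildLink(bool failAlloc, uintptr_t physAddr) {
    FakeBus bus{failAlloc, physAddr};
    ChunkyLink link(&bus, 4096);
    return link.status.code;
}
```

With the guard in place the allocation-failure path returns kBufferBadMemoryAllocation instead of faulting, and the earlier error code is never overwritten by the alignment check.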
07-15-2014 09:41 AM
Hello Kenstern,
I appreciate you letting us know about your findings. I've recorded this in a bug report and we will be investigating the potential issue.
Thanks,
Steven T.