Skip to content

fix: guard LOG_D against null thread pointer in rt_ipc_list_resume()#11337

Open
srpatcha wants to merge 3 commits intoRT-Thread:masterfrom
srpatcha:fix/ipc-null-deref-log
Open

fix: guard LOG_D against null thread pointer in rt_ipc_list_resume()#11337
srpatcha wants to merge 3 commits intoRT-Thread:masterfrom
srpatcha:fix/ipc-null-deref-log

Conversation

@srpatcha
Copy link
Copy Markdown

@srpatcha srpatcha commented Apr 17, 2026

Fix null pointer dereference in rt_ipc_list_resume()

Problem

rt_ipc_list_resume() in src/ipc.c dereferences thread in LOG_D("resume thread:%s\n", thread->parent.name) without checking if thread is RT_NULL. When rt_susp_list_dequeue() returns NULL (empty suspended list), this causes a kernel crash in debug builds.

Root Cause

The function correctly handles the NULL case by assigning thread = RT_NULL in the else branch (line 139), but the LOG_D call on line 143 unconditionally dereferences thread->parent.name before the function returns. This is only a problem in debug builds since LOG_D is compiled out in release mode, making it a latent bug that surfaces during development.

Fix

Wrapped the LOG_D call in a if (thread != RT_NULL) guard to prevent the null pointer dereference.

Testing

  • Trigger an IPC resume on an empty suspended list with debug logging enabled.
  • The system should no longer crash and should return RT_NULL gracefully.

Impact

Affects RT-Thread users debugging IPC operations. The crash only manifests in debug builds, making it particularly insidious during development.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Apr 17, 2026
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026

👋 感谢您对 RT-Thread 的贡献!Thank you for your contribution to RT-Thread!

为确保代码符合 RT-Thread 的编码规范,请在你的仓库中执行以下步骤运行代码格式化工作流(如果格式化CI运行失败)。
To ensure your code complies with RT-Thread's coding style, please run the code formatting workflow by following the steps below (If the formatting of CI fails to run).

🛠 操作步骤 | Steps

  1. 前往 Actions 页面 | Go to the Actions page
    点击进入工作流 → | Click to open workflow →

  2. 点击 Run workflow | Click Run workflow

  • 设置需排除的文件/目录(目录请以"/"结尾)
    Set files/directories to exclude (directories should end with "/")
  • 将目标分支设置为 \ Set the target branch to:fix/ipc-null-deref-log
  • 设置PR number为 \ Set the PR number to:11337
  1. 等待工作流完成 | Wait for the workflow to complete
    格式化后的代码将自动推送至你的分支。
    The formatted code will be automatically pushed to your branch.

完成后,提交将自动更新至 fix/ipc-null-deref-log 分支,关联的 Pull Request 也会同步更新。
Once completed, commits will be pushed to the fix/ipc-null-deref-log branch automatically, and the related Pull Request will be updated.

如有问题欢迎联系我们,再次感谢您的贡献!💐
If you have any questions, feel free to reach out. Thanks again for your contribution!

@github-actions github-actions Bot added the Kernel PR has src relate code label Apr 17, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026
edited
Loading

📌 Code Review Assignment

🏷️ Tag: kernel

Reviewers: GorrayLi ReviewSun hamburger-os lianux-mm wdfk-prog xu18838022837

Changed Files (Click to expand)
  • src/ipc.c

📊 Current Review Status (Last Updated: 2026-04-25 16:31 CST)

  • GorrayLi Pending Review
  • ReviewSun Pending Review
  • hamburger-os Pending Review
  • lianux-mm Pending Review
  • wdfk-prog Pending Review
  • xu18838022837 Pending Review

📝 Review Instructions

  1. 维护者可以通过单击此处来刷新审查状态: 🔄 刷新状态
    Maintainers can refresh the review status by clicking here: 🔄 Refresh Status

  2. 确认审核通过后评论 LGTM/lgtm
    Comment LGTM/lgtm after confirming approval

  3. PR合并前需至少一位维护者确认
    PR must be confirmed by at least one maintainer before merging

ℹ️ 刷新CI状态操作需要具备仓库写入权限。
ℹ️ Refresh CI status operation requires repository Write permission.

BernardXiong
BernardXiong reviewed Apr 19, 2026
View reviewed changes
Comment thread PR_DESCRIPTION.md Outdated
@srpatcha srpatcha requested a review from BernardXiong April 20, 2026 20:13
@srpatcha srpatcha force-pushed the fix/ipc-null-deref-log branch from 7c166c9 to d4b6711 Compare April 20, 2026 20:33
@srpatcha
fix: guard LOG_D against null thread pointer in rt_ipc_list_resume()
ddd2297 
When rt_susp_list_dequeue() returns RT_NULL (empty suspended list),
the LOG_D call dereferences thread->parent.name without a null check,
causing a crash in debug builds.
@srpatcha srpatcha force-pushed the fix/ipc-null-deref-log branch from d4b6711 to ddd2297 Compare April 24, 2026 02:00
@srpatcha
fix: check overflow before modifying IPC state in send functions
8670eb1 
_rt_mb_send_wait, _rt_mq_send_wait, and rt_mq_urgent modified mailbox
and message queue data structures before checking overflow conditions.
On overflow, they returned errors without rolling back changes, causing
state corruption. Moved overflow checks before state modifications.

Signed-off-by: Srikanth Patchava <spatchava@meta.com>
Signed-off-by: Srikanth Patchava <srikanth.patchava@outlook.com>
@srpatcha
Copy link
Copy Markdown
Author

srpatcha commented Apr 25, 2026

Hi @BernardXiong, the PR_DESCRIPTION.md file has been removed — it is no longer in this branch. The only changes are the bug fixes in \src/ipc.c. Could you please re-review? Thank you!

@srpatcha
feat: add message queue utest suite and fix IPC error path
fdb96d9 
Add comprehensive test suite for rt_mq API covering:
- Create/delete and init/detach lifecycle
- Send, receive, and urgent message operations
- Timeout and non-blocking receive behavior
- Queue overflow and boundary conditions
- FIFO ordering verification
- Cross-thread communication
- Message size boundary tests

Fix missing spinlock release in IPC error path.

Signed-off-by: Srikanth Patchava <spatchava@meta.com>
@srpatcha srpatcha requested a review from Rbb666 as a code owner April 25, 2026 08:31
@BernardXiong
Copy link
Copy Markdown
Member

BernardXiong commented Apr 26, 2026

@srpatcha

Thank you for your contribution. But there are many CI failed. Please check the CI firstly.

And all of kernel releated testcases were moved to src/kernel/utest, please follow that. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BernardXiong BernardXiong Awaiting requested review from BernardXiong

@Rbb666 Rbb666 Awaiting requested review from Rbb666 Rbb666 is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

Kernel PR has src relate code testcase

Projects

单元测试(UTEST)Framework
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@srpatcha @CLAassistant @BernardXiong