[ECOS] RAMFS new problem, access to address 0.

felixwong@i-technologies.cc
Fri Nov 9 01:58:00 GMT 2001


The case can be duplicated easily on my ARM7 EB40 board and on the PC synthetic target.

It happens when running the RAMFS testing program "fileio1" built from the RAMFS test.
(I use a block device with an external label name.)


In "main" of "fileio1.c" for RAMFS testing:
    err = chdir( "/" );
This line will cause an error which will write to a NULL pointer at 0.

Since the EB40 is not writable at 0 by default, no fault will be generated.
But on the PC synthetic target, a segmentation fault will occur.

In file.cxx:
ret = cdir_mtab_entry->fs->chdir( cdir_mtab_entry, cdir_dir, NULL, NULL );

Since cyg_dir cdir_dir = CYG_DIR_NULL; as initially defined in misc.cxx,
cdir_dir == 0 when it is passed to the chdir routine.

Following the above line, we arrive at the "ramfs_chdir" routine,
which has the line:
	dec_refcnt( node );
where node is 0 (it takes the value of the cdir_dir parameter).

node->refcnt--;

This line causes the protection fault in subroutine "dec_refcnt".
cdir_dir should be initialized after a file system is mounted with "/" included.
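
The failure described in the message above, as an added example that is not part of the original post and is not eCos source: a simplified model of a refcount release reached with a null current-directory handle, next to a guarded form. All names (model_node, model_dir, MODEL_DIR_NULL, dec_refcnt_unchecked, dec_refcnt_checked, model_forget_cdir, model_chdir) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not eCos source: every name here is hypothetical. */
typedef struct model_node { int refcnt; } model_node;
typedef model_node *model_dir;
#define MODEL_DIR_NULL ((model_dir)0)   /* plays the role of CYG_DIR_NULL */

/* Shape of the release described in the post: the node is dereferenced
 * unconditionally, so a null handle becomes a write through address 0. */
static void dec_refcnt_unchecked(model_node *node)
{
    node->refcnt--;
}

/* Guarded form: a null handle means no current directory has been set yet. */
static int dec_refcnt_checked(model_node *node)
{
    if (node == NULL)
        return 0;               /* nothing to release */
    if (node->refcnt > 0)       /* also refuse to underflow the count */
        node->refcnt--;
    return 1;
}

/* Models the "forget the current directory" call made with NULL, NULL. */
static int model_forget_cdir(model_dir cdir)
{
    return dec_refcnt_checked(cdir);
}

/* Models a directory change: release the old handle, reference the new one.
 * Returns 1 if an old handle was released, 0 if there was none. */
static int model_chdir(model_dir *cdir, model_node *target)
{
    int released = model_forget_cdir(*cdir);
    target->refcnt++;
    *cdir = target;
    return released;
}

int main(void)
{
    model_node root = { 1 };            /* constructed: one reference held by the mount */
    model_dir cdir = MODEL_DIR_NULL;    /* initial state, as in the post */
    printf("first chdir released old dir: %d\n", model_chdir(&cdir, &root));
    dec_refcnt_unchecked(&root);        /* safe only because the node is valid */
    printf("root refcnt: %d\n", root.refcnt);
    return 0;
}
```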

