[Rxtx] [Patch] Fix for termios_list handling in termios.c:add_port()
Ilkka Myller
ilkka at myller.com
Sat Feb 28 13:32:24 MST 2009
>
>
> On Thu, 26 Feb 2009, Ilkka Myller wrote:
>
>> Hi everyone,
>>
>> Summary:
>>
>> There is a bug in rxtx termios.c which causes occasional null
>> pointer references, leading to EXCEPTION_ACCESS_VIOLATION
>> (Segmentation error, SIGSEGV) errors from JVM.
>> These happen when Java app does multithreaded port open-close-
>> reopen cycles on group of serial ports.
>> termios.c is used in windows native libraries for serial port
>> access so this bug only applies to rxtx on windows platforms.
>>
>>
>> Analysis:
>>
>> There is a doubly linked list in termios.c for holding metadata for
>> open serial ports: termios_list.
>> Its first element is stored in variable first_tl and list can be
>> iterated with each item's own ->prev and ->next pointers.
>>
>> Null pointer reference happens in add_port() method, which keeps
>> all additions to list sorted by file descriptor (fd) of the serial
>> port file.
>> It maintains list in order where smaller numerical fd value is
>> closer to the beginning of the list.
>>
>> However, the add_port() implementation does not support adding
>> items to the beginning of a non-empty list.
>> It can only add items as first in empty list, in between existing
>> items, and to the end of the list.
>>
>> So obviously, bug occurs when sorting logic ends up in a state that
>> it needs to add item as first in a NON-empty list.
>> In this case, the list handling tries to do in-between insert and
>> ends up using first item's ->prev pointer which is always NULL.
>>
>> This causes segmentation error, which Windows JVM reports as
>> EXCEPTION_ACCESS_VIOLATION and halts.
>>
>>
>> Proposed fix:
>>
>> I've included a patch to fix this issue by adding proper doubly
>> linked list handling to add_port() method.
>> With this patch, add_port() is capable of doing item placement in
>> the beginning of non-empty termios_list, thus preventing the null
>> pointer reference condition.
>>
>> As usual, the changes to RXTX code have been kept as minimal as
>> possible.
>> I've tested this to work (and resolve the issue) on Windows XP SP3
>> (x86) platform.
>> Great thanks to François-Xavier Gendrin for supplying the Java code
>> that shows the problem :)
>>
>> The patch is against 2.2pre2 and CVS head (@2009/02/26).
>> Two attachments with this mail are the same patch, but in two
>> different diff-formats ('cvs diff -up' and plain 'cvs diff')
>>
>>
>
> Thanks Ilkka
>
> I'll include this in the src & bins I hope to get out today or
> tomorrow. When I put that code in, I remember thinking there must be
> a glib or other solution for the same old traditional problem.
>
Thanks,
Yes, in glib there is a linked list implementation (GList) which is
very robust. Several other open source linked list libraries are also
available (SimCList, SGLib..).
Initially, when fixing this issue, I also thought that all linked lists
in rxtx would be much more reliable using one of those tested
implementations.
But at this point in 2.2 development it is probably not wise to
introduce any extensive code changes. (??)
So I decided to create a patch with absolutely minimal changes
necessary to fix this issue.
But if you and other developers choose to use (semi-)standard
libraries for things like linked lists - I personally feel that it's a
good decision :)
--
I
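
The four insert positions named in the quoted analysis (empty list, head of a non-empty list, in between, tail), as an added example that is not the rxtx patch or any code from this thread. `port_node`, `insert_sorted` and `list_is_consistent` are hypothetical names for a simplified model of a doubly linked list kept sorted by fd.

```c
#include <stdlib.h>

/* Simplified stand-in for a termios_list entry (hypothetical layout). */
struct port_node {
    int fd;
    struct port_node *prev, *next;
};

/* Insert fd keeping ascending order; *head plays the role of first_tl.
 * Returns the new node, or NULL if allocation fails. */
struct port_node *insert_sorted(struct port_node **head, int fd)
{
    struct port_node *cur, *node = calloc(1, sizeof *node);
    if (node == NULL)
        return NULL;
    node->fd = fd;

    /* Empty list, or new head of a non-empty list. The second case has no
     * predecessor, so the head's NULL ->prev is never dereferenced. */
    if (*head == NULL || fd < (*head)->fd) {
        node->next = *head;
        if (*head != NULL)
            (*head)->prev = node;
        *head = node;
        return node;
    }

    /* Otherwise stop at the last node whose fd is <= the new one. */
    for (cur = *head; cur->next != NULL && cur->next->fd <= fd; cur = cur->next)
        ;
    node->prev = cur;
    node->next = cur->next;
    if (cur->next != NULL)          /* in-between insert */
        cur->next->prev = node;
    cur->next = node;               /* also covers append at the tail */
    return node;
}

/* 1 if fds ascend and every ->prev mirrors the ->next chain, else 0. */
int list_is_consistent(const struct port_node *n)
{
    const struct port_node *prev = NULL;
    for (; n != NULL; prev = n, n = n->next)
        if (n->prev != prev || (prev != NULL && prev->fd > n->fd))
            return 0;
    return 1;
}
```

Walking the list with `list_is_consistent` after every insert in a debug build catches a broken `->prev` link at the point it is created rather than at a later crash.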