view cdg3/sap/aci.pdf @ 516:1ed9de6c90bd

src/g23m-gsm/sms/sms_for.c: bogus malloc removed The new error handling code that was not present in TCS211 blob version contains a malloc call that is bogus for 3 reasons: 1) The memory allocation in question is not needed in the first place; 2) libc malloc is used instead of one of the firmware's proper ways; 3) The memory allocation is made inside a function and then never freed, i.e., a memory leak. This bug was caught in gcc-built FreeCalypso fw projects (Citrine and Selenite) because our gcc environment does not allow any use of libc malloc (any reference to malloc produces a link failure), but this code from TCS3.2 is wrong even for Magnetite: if this code path is executed repeatedly over a long time, the many small allocations made by this malloc call without a subsequent free will eventually exhaust the malloc heap provided by the TMS470 environment, malloc will start returning NULL, and the bogus code will treat it as an error. Because the memory allocation in question is not needed at all, the fix entails simply removing it.
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 22 Jul 2018 06:04:49 +0000
parents c15047b3d00d
children
line wrap: on
line source

;********************************************************************************
;*** File           : aci.pdf
;*** Creation       : Wed Mar 11 09:57:41 CST 2009
;*** XSLT Processor : Apache Software Foundation / http://xml.apache.org/xalan-j / supports XSLT-Ver: 1
;*** Copyright      : (c) Texas Instruments AG, Berlin Germany 2002
;********************************************************************************
;*** Document Type  : Service Access Point Specification
;*** Document Name  : aci
;*** Document No.   : 8411.105.00.205
;*** Document Date  : 2004-06-01
;*** Document Status: BEING_PROCESSED
;*** Document Author: Liyi Yu
;********************************************************************************



PRAGMA 	SRC_FILE_TIME 	"Thu Nov 29 09:29:50 2007"
PRAGMA 	LAST_MODIFIED 	"2004-06-01"
PRAGMA 	ID_AND_VERSION 	"8411.105.00.205"



CONST 	MAX_CMD_LEN 	380 	; length of one ACI command sequence
CONST 	MAX_TRC_LEN 	80 	; Max. length of one ACI trace buffer
CONST 	MAX_DATA_LEN 	200 	; length of the signal data



VALTAB 	VAL_cmd_src
VAL 	0 	CMD_SRC_INT 	"Command from internal application"
VAL 	1 	CMD_SRC_EXT 	"Command from external application"
VAL 	255 	CMD_SRC_UNKNOWN 	"Reserved"

VALTAB 	VAL_urt_stat
VAL 	0 	URT_RDY_TO_SEND 	"URT is ready to accept new data"
VAL 	1 	URT_DATA_AVAIL 	"URT has data available"
VAL 	255 	URT_STAT_UNKNOWN 	"Reserved"

VALTAB 	VAL_cause
VAL 	0 	ABT_ABORT_DATA 	"Abort data mode"
VAL 	1 	ABT_ABORT_CMD 	"Abort current command"

VALTAB 	VAL_ackflg
VAL 	0 	ACI_NAK 	"Not Acknowledge"
VAL 	1 	ACI_ACK 	"Acknowledge"




VAR 	cmd_src 	"Command source" 	B

VAL 	@p_aci - VAL_cmd_src@ 	

VAR 	cmd_len 	"Length of command" 	S


VAR 	cmd_seq 	"Command sequence" 	B


VAR 	urt_stat 	"URT status" 	B

VAL 	@p_aci - VAL_urt_stat@ 	

VAR 	cause 	"Cause" 	B

VAL 	@p_aci - VAL_cause@ 	

VAR 	ackflg 	"Acknowledge flag" 	B

VAL 	@p_aci - VAL_ackflg@ 	

VAR 	port_nb 	"port pumber" 	L


VAR 	src_id 	"ACI source ID" 	B


VAR 	trc_len 	"Length of trace" 	S


VAR 	trc_buf 	"Trace buffer" 	B


VAR 	cmd_ptr 	"Command index" 	L


VAR 	signal_id 	"Signal Id" 	S


VAR 	data 	"Signal data" 	L








; ACI_CMD_REQ 	0x1500
; ACI_CMD_CNF 	0x5502
; ACI_CMD_IND 	0x5500
; ACI_CMD_RES 	0x1502
; ACI_ABORT_REQ 	0x1501
; ACI_URT_STAT_IND 	0x5501
; ACI_INIT_IND 	0x5503
; ACI_INIT_RES 	0x1503
; ACI_DEINIT_REQ 	0x1504
; ACI_DEINIT_CNF 	0x5504
; ACI_OPEN_PORT_REQ 	0x1505
; ACI_OPEN_PORT_CNF 	0x5505
; ACI_CLOSE_PORT_REQ 	0x1506
; ACI_CLOSE_PORT_CNF 	0x5506
; ACI_ABORT_CNF 	0x5507
; ACI_CMD_REQ_BT 	0x1507
; ACI_CMD_CNF_BT 	0x5508
; ACI_CMD_IND_BT 	0x5509
; ACI_CMD_RES_BT 	0x1508
; ACI_ABORT_REQ_BT 	0x1509
; ACI_ABORT_CNF_BT 	0x5510
; ACI_TRC_IND 	0x550A
; ACI_RIV_CMD_REQ 	0x1510
; ACI_EXT_IND 	0x150B



PRIM 	ACI_CMD_REQ 	0x1500
{
 	cmd_src 	 ; Command source
 	cmd_len 	 ; length of command
 	cmd_seq 	[MAX_CMD_LEN] 	 ; Command
}






PRIM 	ACI_CMD_CNF 	0x5502
{
 	cmd_len 	 ; length of the command
 	cmd_seq 	[MAX_CMD_LEN] 	 ; command
}






PRIM 	ACI_CMD_IND 	0x5500
{
 	cmd_len 	 ; length of the command
 	cmd_seq 	[MAX_CMD_LEN] 	 ; command
}






PRIM 	ACI_CMD_RES 	0x1502
{
}






PRIM 	ACI_ABORT_REQ 	0x1501
{
 	cmd_src 	 ; Command source
 	cause 	 ; Abort cause
}






PRIM 	ACI_URT_STAT_IND 	0x5501
{
 	urt_stat 	 ; status of URT
}






PRIM 	ACI_INIT_IND 	0x5503
{
}






PRIM 	ACI_INIT_RES 	0x1503
{
 	ackflg 	 ; Acknowledge
}






PRIM 	ACI_DEINIT_REQ 	0x1504
{
}






PRIM 	ACI_DEINIT_CNF 	0x5504
{
}






PRIM 	ACI_OPEN_PORT_REQ 	0x1505
{
 	port_nb 	 ; port number
}






PRIM 	ACI_OPEN_PORT_CNF 	0x5505
{
 	port_nb 	 ; port number
 	ackflg 	 ; result
}






PRIM 	ACI_CLOSE_PORT_REQ 	0x1506
{
 	port_nb 	 ; port number
}






PRIM 	ACI_CLOSE_PORT_CNF 	0x5506
{
 	port_nb 	 ; port number
}






PRIM 	ACI_ABORT_CNF 	0x5507
{
 	cmd_len 	 ; length of the command
 	cmd_seq 	[MAX_CMD_LEN] 	 ; command
}






PRIM 	ACI_CMD_REQ_BT 	0x1507
{
 	cmd_src 	 ; Command source
 	cmd_len 	 ; length of command
 	cmd_seq 	[MAX_CMD_LEN] 	 ; Command
 	src_id 	 ; ACI source
}






PRIM 	ACI_CMD_CNF_BT 	0x5508
{
 	cmd_len 	 ; length of the command
 	cmd_seq 	[MAX_CMD_LEN] 	 ; command
 	src_id 	 ; ACI source
}






PRIM 	ACI_CMD_IND_BT 	0x5509
{
 	cmd_len 	 ; length of the command
 	cmd_seq 	[MAX_CMD_LEN] 	 ; command
 	src_id 	 ; ACI source
}






PRIM 	ACI_CMD_RES_BT 	0x1508
{
 	src_id 	 ; ACI source
}






PRIM 	ACI_ABORT_REQ_BT 	0x1509
{
 	cmd_src 	 ; Command source
 	cause 	 ; Abort cause
 	src_id 	 ; ACI source
}






PRIM 	ACI_ABORT_CNF_BT 	0x5510
{
 	src_id 	 ; ACI source
}






PRIM 	ACI_TRC_IND 	0x550A
{
 	cmd_src 	 ; Command source
 	trc_len 	 ; length of trace
 	trc_buf 	[MAX_TRC_LEN] 	 ; trace
}






PRIM 	ACI_RIV_CMD_REQ 	0x1510
{
 	cmd_ptr 	 ; Command index
}






PRIM 	ACI_EXT_IND 	0x150B
{
 	signal_id 	 ; Signal Id
 	data 	[MAX_DATA_LEN] 	 ; data of the signal
}