FreeCalypso > hg > fc-magnetite
view cdg3/sap/aci.pdf @ 516:1ed9de6c90bd
src/g23m-gsm/sms/sms_for.c: bogus malloc removed
The new error handling code that was not present in TCS211 blob version
contains a malloc call that is bogus for 3 reasons:
1) The memory allocation in question is not needed in the first place;
2) libc malloc is used instead of one of the firmware's proper ways;
3) The memory allocation is made inside a function and then never freed,
i.e., a memory leak.
This bug was caught in gcc-built FreeCalypso fw projects (Citrine
and Selenite) because our gcc environment does not allow any use of
libc malloc (any reference to malloc produces a link failure),
but this code from TCS3.2 is wrong even for Magnetite: if this code
path is executed repeatedly over a long time, the many small allocations
made by this malloc call without a subsequent free will eventually
exhaust the malloc heap provided by the TMS470 environment, malloc will
start returning NULL, and the bogus code will treat it as an error.
Because the memory allocation in question is not needed at all,
the fix entails simply removing it.
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sun, 22 Jul 2018 06:04:49 +0000 |
parents | c15047b3d00d |
children |
line wrap: on
line source
;******************************************************************************** ;*** File : aci.pdf ;*** Creation : Wed Mar 11 09:57:41 CST 2009 ;*** XSLT Processor : Apache Software Foundation / http://xml.apache.org/xalan-j / supports XSLT-Ver: 1 ;*** Copyright : (c) Texas Instruments AG, Berlin Germany 2002 ;******************************************************************************** ;*** Document Type : Service Access Point Specification ;*** Document Name : aci ;*** Document No. : 8411.105.00.205 ;*** Document Date : 2004-06-01 ;*** Document Status: BEING_PROCESSED ;*** Document Author: Liyi Yu ;******************************************************************************** PRAGMA SRC_FILE_TIME "Thu Nov 29 09:29:50 2007" PRAGMA LAST_MODIFIED "2004-06-01" PRAGMA ID_AND_VERSION "8411.105.00.205" CONST MAX_CMD_LEN 380 ; length of one ACI command sequence CONST MAX_TRC_LEN 80 ; Max. length of one ACI trace buffer CONST MAX_DATA_LEN 200 ; length of the signal data VALTAB VAL_cmd_src VAL 0 CMD_SRC_INT "Command from internal application" VAL 1 CMD_SRC_EXT "Command from external application" VAL 255 CMD_SRC_UNKNOWN "Reserved" VALTAB VAL_urt_stat VAL 0 URT_RDY_TO_SEND "URT is ready to accept new data" VAL 1 URT_DATA_AVAIL "URT has data available" VAL 255 URT_STAT_UNKNOWN "Reserved" VALTAB VAL_cause VAL 0 ABT_ABORT_DATA "Abort data mode" VAL 1 ABT_ABORT_CMD "Abort current command" VALTAB VAL_ackflg VAL 0 ACI_NAK "Not Acknowledge" VAL 1 ACI_ACK "Acknowledge" VAR cmd_src "Command source" B VAL @p_aci - VAL_cmd_src@ VAR cmd_len "Length of command" S VAR cmd_seq "Command sequence" B VAR urt_stat "URT status" B VAL @p_aci - VAL_urt_stat@ VAR cause "Cause" B VAL @p_aci - VAL_cause@ VAR ackflg "Acknowledge flag" B VAL @p_aci - VAL_ackflg@ VAR port_nb "port pumber" L VAR src_id "ACI source ID" B VAR trc_len "Length of trace" S VAR trc_buf "Trace buffer" B VAR cmd_ptr "Command index" L VAR signal_id "Signal Id" S VAR data "Signal data" L ; ACI_CMD_REQ 0x1500 ; ACI_CMD_CNF 0x5502 ; ACI_CMD_IND 0x5500 ; ACI_CMD_RES 0x1502 ; ACI_ABORT_REQ 0x1501 ; ACI_URT_STAT_IND 0x5501 ; ACI_INIT_IND 0x5503 ; ACI_INIT_RES 0x1503 ; ACI_DEINIT_REQ 0x1504 ; ACI_DEINIT_CNF 0x5504 ; ACI_OPEN_PORT_REQ 0x1505 ; ACI_OPEN_PORT_CNF 0x5505 ; ACI_CLOSE_PORT_REQ 0x1506 ; ACI_CLOSE_PORT_CNF 0x5506 ; ACI_ABORT_CNF 0x5507 ; ACI_CMD_REQ_BT 0x1507 ; ACI_CMD_CNF_BT 0x5508 ; ACI_CMD_IND_BT 0x5509 ; ACI_CMD_RES_BT 0x1508 ; ACI_ABORT_REQ_BT 0x1509 ; ACI_ABORT_CNF_BT 0x5510 ; ACI_TRC_IND 0x550A ; ACI_RIV_CMD_REQ 0x1510 ; ACI_EXT_IND 0x150B PRIM ACI_CMD_REQ 0x1500 { cmd_src ; Command source cmd_len ; length of command cmd_seq [MAX_CMD_LEN] ; Command } PRIM ACI_CMD_CNF 0x5502 { cmd_len ; length of the command cmd_seq [MAX_CMD_LEN] ; command } PRIM ACI_CMD_IND 0x5500 { cmd_len ; length of the command cmd_seq [MAX_CMD_LEN] ; command } PRIM ACI_CMD_RES 0x1502 { } PRIM ACI_ABORT_REQ 0x1501 { cmd_src ; Command source cause ; Abort cause } PRIM ACI_URT_STAT_IND 0x5501 { urt_stat ; status of URT } PRIM ACI_INIT_IND 0x5503 { } PRIM ACI_INIT_RES 0x1503 { ackflg ; Acknowledge } PRIM ACI_DEINIT_REQ 0x1504 { } PRIM ACI_DEINIT_CNF 0x5504 { } PRIM ACI_OPEN_PORT_REQ 0x1505 { port_nb ; port number } PRIM ACI_OPEN_PORT_CNF 0x5505 { port_nb ; port number ackflg ; result } PRIM ACI_CLOSE_PORT_REQ 0x1506 { port_nb ; port number } PRIM ACI_CLOSE_PORT_CNF 0x5506 { port_nb ; port number } PRIM ACI_ABORT_CNF 0x5507 { cmd_len ; length of the command cmd_seq [MAX_CMD_LEN] ; command } PRIM ACI_CMD_REQ_BT 0x1507 { cmd_src ; Command source cmd_len ; length of command cmd_seq [MAX_CMD_LEN] ; Command src_id ; ACI source } PRIM ACI_CMD_CNF_BT 0x5508 { cmd_len ; length of the command cmd_seq [MAX_CMD_LEN] ; command src_id ; ACI source } PRIM ACI_CMD_IND_BT 0x5509 { cmd_len ; length of the command cmd_seq [MAX_CMD_LEN] ; command src_id ; ACI source } PRIM ACI_CMD_RES_BT 0x1508 { src_id ; ACI source } PRIM ACI_ABORT_REQ_BT 0x1509 { cmd_src ; Command source cause ; Abort cause src_id ; ACI source } PRIM ACI_ABORT_CNF_BT 0x5510 { src_id ; ACI source } PRIM ACI_TRC_IND 0x550A { cmd_src ; Command source trc_len ; length of trace trc_buf [MAX_TRC_LEN] ; trace } PRIM ACI_RIV_CMD_REQ 0x1510 { cmd_ptr ; Command index } PRIM ACI_EXT_IND 0x150B { signal_id ; Signal Id data [MAX_DATA_LEN] ; data of the signal }