Serious bug corrupts heap in T3 beta7



Bill Greiman
11-09-2012, 02:25 PM
This is a link to a post I made in the wrong category: http://forum.pjrc.com/threads/145-Somthing-is-clobbering-two-stack-locations.

This bug can cause problems with String, SD.h, and any sketch that uses malloc.

Bill Greiman
11-10-2012, 04:06 PM
I have now narrowed this problem to usb_isr().

I attached leds to Teensy pins 8 and 9 in addition to using the pin 13 led.

I fill the region from _ebss to _estack with 0X55555555.

I modified usb_isr to check memory on entry and exit.

The result is that memory is overwritten during the execution of usb_isr(). This is indicated by the digitalWrite(13, 1) being executed in the usb_isr as shown below.

Here is the diff for usb_dev.c


diff -ur org/usb_dev.c mod/usb_dev.c
--- org/usb_dev.c Tue Nov 6 16:49:58 2012
+++ mod/usb_dev.c Sat Nov 10 07:48:28 2012
@@ -2,7 +2,7 @@
//#include "HardwareSerial.h"
#include "usb_dev.h"
#include "usb_mem.h"
-
+extern int dbgBadMem();/////////////////////////////////////////////////////////////////
// buffer descriptor table

typedef struct {
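Review bot: `extern int dbgBadMem();` declares the function without a prototype, so the compiler cannot check its calls; declare it as `extern int dbgBadMem(void);` to match the definition shown later in the post. The long `////` trailers are useful as "remove before commit" markers, but a uniform tag such as `// DEBUG` is easier to grep for when the instrumentation is taken out.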
@@ -592,7 +592,10 @@
void usb_isr(void)
{
uint8_t status, stat, t;
-
+ if (dbgBadMem()) {///////////////////////////////////////////////////////////////////
+ digitalWrite(8 ,1);
+ while(1);
+ }///////////////////////////////////////////////////////////////////////////////////
//serial_print("isr");
//status = USB0_ISTAT;
//serial_phex(status);
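Review bot: nothing in the visible includes declares `digitalWrite` (the only core header here, `HardwareSerial.h`, is commented out), so the header that declares the pin API needs to be added alongside the new `extern` or this is an implicit declaration. Also note what this entry check means: a corrupted word found at this point was written before this invocation of `usb_isr` (by earlier code or an earlier interrupt), not inside it, which is why the pin 8 LED has to be read differently from pin 13.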
@@ -764,6 +767,10 @@

// is this necessary?
USB0_CTL = USB_CTL_USBENSOFEN;
+ if (dbgBadMem()) {///////////////////////////////////////////////////////////////////
+ digitalWrite(9,1);
+ while(1);
+ }///////////////////////////////////////////////////////////////////////////////////
return;
}

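Review bot: this block is identical to the pin 8 and pin 13 blocks apart from the pin number; a small `static void dbgTrap(int pin)` helper (check, write the pin, spin) would keep the three checks in step and make them easy to remove together later.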
@@ -786,7 +793,10 @@
//serial_print("sleep\n");
USB0_ISTAT = USB_ISTAT_SLEEP;
}
-
+ if (dbgBadMem()) {///////////////////////////////////////////////////////////////////
+ digitalWrite(13,1);
+ while(1);
+ }///////////////////////////////////////////////////////////////////////////////////
}

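Review bot: this exit check covers the fall-through end of `usb_isr` and the previous hunk covers one early `return`; any other `return` between those two points would leave an exit unchecked, so confirm there are none before concluding from the pin 13 LED alone that the overwrite happens inside this function. The `while(1);` inside the ISR also leaves the USB interrupt unacknowledged, which is fine for this experiment since the aim is to freeze the state for inspection.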

Here is dbgBadMem()


extern unsigned _ebss; // linker symbol: end of .bss, start of the region filled with 0X55555555

// Return 1 if any of the first 200 words above _ebss no longer hold the fill pattern.
int dbgBadMem(void) {
unsigned *p = &_ebss;
int i;
for (i = 0; i < 200; i++) {
if (p[i] != 0X55555555) return 1;
}
return 0;
}
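The poison-and-check technique from this post, as an added host-side C model that is not part of the original thread: a static array stands in for the RAM between _ebss and _estack, a toy bump allocator models a heap that the linker placed on top of that region (a constructed fault, not the real allocator), and the checker reports both the first clobbered word and how many words were hit, which is what you need to map the damage back to a symbol.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: on the Teensy this region is _ebss.._estack. */
#define POISON 0x55555555u
#define REGION_WORDS 256

static uint32_t region[REGION_WORDS];   /* stands in for the poisoned RAM */
static uint32_t *heap_brk = region;     /* constructed fault: heap break starts at _ebss */

/* Fill the whole free region with the poison pattern (the post's fill step). */
void poison_region(void) {
    for (size_t i = 0; i < REGION_WORDS; i++) region[i] = POISON;
}

/* Index of the first word that no longer holds POISON, or -1 if the region is intact. */
long first_bad_word(void) {
    for (size_t i = 0; i < REGION_WORDS; i++)
        if (region[i] != POISON) return (long)i;
    return -1;
}

/* Number of words that differ from POISON, which bounds the size of the overwrite. */
size_t count_bad_words(void) {
    size_t n = 0;
    for (size_t i = 0; i < REGION_WORDS; i++) n += (region[i] != POISON);
    return n;
}

/* Toy bump allocator whose arena overlaps the poisoned region, so every
 * allocation that gets initialised clobbers canary words. NULL when exhausted. */
void *toy_malloc(size_t bytes) {
    size_t words = (bytes + 3) / 4;
    if (heap_brk + words > region + REGION_WORDS) return NULL;
    void *p = heap_brk;
    heap_brk += words;
    memset(p, 0, words * 4);            /* e.g. a String buffer being zeroed */
    return p;
}

/* Scenario: poison, allocate 12 bytes (3 words), then check. Returns the
 * first bad index (0 here), or -2 if the fill itself did not take. */
long demo(void) {
    poison_region();
    if (first_bad_word() != -1) return -2;
    toy_malloc(12);
    return first_bad_word();
}
```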

Bill Greiman
11-11-2012, 05:20 PM
This bug is caused by an error in the linker script mk20dx128.ld http://forum.pjrc.com/threads/219-Bug-Teensy-3-0-linker-script-causes-bss-to-overlap-heap.