Description
Checklist (Please check before submitting)
- I reviewed the Contributing Guide.
- I performed a cursory search to see if the bug report is relevant, not redundant, nor in conflict with other tickets.
Describe the bug
The CFE_SB_Buffer_t is a special type, referring to message buffers that are allocated from the SB message pool. The only real source of these objects is the function CFE_SB_AllocateMessageBuffer().
Although this type is defined in a public header for API reasons, it should never be instantiated by apps, and doing so is unsafe. Passing such an object (a "CFE_SB_Buffer_t" instance that didn't actually come from CFE_SB_AllocateMessageBuffer()) to a function like CFE_SB_TransmitBuffer() will likely corrupt the memory pool - it is akin to calling free() on a block that didn't come from malloc().
Code snips
HS/config/default_hs_tblstruct.h
Line 93 in 4d38d46
```c
CFE_SB_Buffer_t Buffer; /**< \brief Message Buffer for alignment */
```
System observed on:
- Hardware
- OS: [e.g. Linux 4.4]
- Versions [e.g. cFE 6.6, OSAL 4.2, PSP 1.3 for mcp750, any related apps]
Additional context
It appears the intent here was to get some alignment in the table entries. But alignment can be achieved by simply using void* and/or long long. Using CFE_SB_Buffer_t in this context has unsafe implications.
Reporter Info
Joseph Hickey, Vantage Systems, Inc.
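
The alignment approach suggested under "Additional context", as an added example that is not code from the HS app or cFE: a union with `void *` and `long long` members forces alignment of the stored message bytes without instantiating `CFE_SB_Buffer_t`. All `EX_` names and the 22-byte message size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical message size, deliberately not a multiple of the alignment. */
#define EX_MSG_BYTES 22

/* Alignment comes from plain scalar members. No SB pool type appears here,
 * so this storage cannot be mistaken for a buffer obtained from
 * CFE_SB_AllocateMessageBuffer() and handed to CFE_SB_TransmitBuffer(). */
typedef union
{
    void     *AlignPtr;
    long long AlignLong;
    uint8_t   Bytes[EX_MSG_BYTES];
} EX_AlignedMsg_t;

/* Hypothetical table entry: a small field followed by aligned message storage. */
typedef struct
{
    uint16_t        Id;
    EX_AlignedMsg_t Msg;
} EX_TableEntry_t;

/* Compile-time checks: the build fails if the alignment intent is lost. */
_Static_assert(_Alignof(EX_AlignedMsg_t) >= _Alignof(long long), "long long alignment");
_Static_assert(_Alignof(EX_AlignedMsg_t) >= _Alignof(void *), "pointer alignment");
_Static_assert(offsetof(EX_AlignedMsg_t, Bytes) == 0, "bytes start at offset 0");

static EX_TableEntry_t EX_Table[4]; /* constructed sample table */

/* Returns 1 if Ptr satisfies the stricter of the two alignments, else 0. */
int EX_IsAligned(const void *Ptr)
{
    size_t Need = _Alignof(long long) > _Alignof(void *) ? _Alignof(long long)
                                                         : _Alignof(void *);
    return ((uintptr_t)Ptr % Need) == 0;
}

/* Returns 1 if the message storage of every table entry is aligned. */
int EX_TableIsAligned(const EX_TableEntry_t *Table, size_t Count)
{
    for (size_t i = 0; i < Count; ++i)
    {
        if (!EX_IsAligned(Table[i].Msg.Bytes)) return 0;
    }
    return 1;
}

int main(void) { return EX_TableIsAligned(EX_Table, 4) ? 0 : 1; }
```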