Skip to content

sched/task: fix null pointer dereference in fork address environment … #17985

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
acassis merged 1 commit into from
Jan 17, 2026
Merged

sched/task: fix null pointer dereference in fork address environment … #17985

acassis merged 1 commit into from
Jan 17, 2026
+13 −13

Conversation

@hujun260
Copy link
Contributor

@hujun260 hujun260 commented Jan 17, 2026

Summary

Fix null pointer dereference in fork operation when setting up address environments. The addrenv_join() function accesses the child task's group pointer (child->group), which is initialized by group_initialize(). By moving addrenv_join() to occur after group_initialize(), the code ensures child->group is properly set before it is accessed, eliminating the null pointer dereference.

Changes

  • sched/task/task_fork.c:
    • Move address environment join block in nxtask_setup_fork() from before group_initialize() to after it
    • Relocate addrenv_join() call and its error handling to execute after group_initialize()
    • Maintain all other fork operation sequencing and error handling

Benefits & Technical Details

  • Null pointer safety: child->group is now guaranteed to be initialized before addrenv_join() accesses it
  • Correct sequencing: Task group initialization must precede address environment operations
  • Error handling: All error paths correctly handled with existing cleanup logic
  • Fork correctness: Child task inherits parent's address environment with proper initialization

Testing

  • Verified fork operations complete without null pointer dereference
  • Confirmed child task group is properly initialized before address environment join
  • Tested fork with CONFIG_ARCH_ADDRENV enabled and disabled
  • Validated child task inherits correct address environment from parent
  • Confirmed no regression in fork functionality or child task creation

Impact

  • Correctness: Fixes crash in fork when CONFIG_ARCH_ADDRENV is enabled
  • Compatibility: Fully backward compatible, no API changes
  • Configuration: Particularly important for builds with CONFIG_ARCH_ADDRENV
  • Scope: Affects fork-based task creation with address environment support

@hujun260
sched/task: fix null pointer dereference in fork address environment …
7d78c1d 
…setup

Move addrenv_join() call after group_initialize() in nxtask_setup_fork() to fix
null pointer dereference. addrenv_join() accesses child->group which is
initialized by group_initialize(), so the operations must be sequenced
correctly. Reorder initialization to ensure child task group is set up before
address environment join operations.

Signed-off-by: hujun5 <[email protected]>
@github-actions github-actions bot added Area: OS Components OS Components issues Size: S The size of the change in this PR is small labels Jan 17, 2026
@acassis acassis merged commit ae47d6a into apache:master Jan 17, 2026
40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@acassis acassis acassis approved these changes

@xiaoxiang781216 xiaoxiang781216 xiaoxiang781216 approved these changes

@linguini1 linguini1 linguini1 approved these changes

@pussuw pussuw Awaiting requested review from pussuw pussuw is a code owner

@anchao anchao Awaiting requested review from anchao anchao is a code owner

@GUIDINGLI GUIDINGLI Awaiting requested review from GUIDINGLI GUIDINGLI is a code owner

Assignees

No one assigned

Labels

Area: OS Components OS Components issues Size: S The size of the change in this PR is small

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hujun260 @acassis @xiaoxiang781216 @linguini1