Fix hardfaults when running out of memory (nullptr check)

[JonasPerolini]

Solved Problem

Similar to #22056, when running out-of-memory, several parts of the code can cause a hardfault because a nullptr check is missing

• E.g. new char[n]; returns null leading to a hardfault in strcpy(s, stream_name);

Modules affected:

• Mavlink
  • _instance = new MavlinkCommandSender();
  • strcpy(s, stream_name);
  • _uavcan_open_request_list_item *new_reqest = new _uavcan_open_request_list_item;
• mc_nn_control _interpreter = new tflite::MicroInterpreter(control_model, resolver, tensor_arena, kTensorArenaSize);
• Replay Subscription *subscription = new Subscription();
• Sensors next = new DataValidator();
• Simulator mavlink
  • _sensor_gps_pubs[i] = new uORB::PublicationMulti<sensor_gps_s> {ORB_ID(sensor_gps)};
  • _dist_pubs[i] = new uORB::PublicationMulti<distance_sensor_s> {ORB_ID(distance_sensor)};
• UxrceddsClient _repliers[_num_of_repliers] = replier;
• VtolAttitudeControl _vtol_type = new Tailsitter(this);
• GyroFFT missing _peak_magnitudes_all check

Changelog Entry

Bugfix: Fix hardfaults when OOM

[julianoes]

Wondering if this is correct. Should we define the declaration to a char [] to make it clear?

[JonasPerolini]

_subscribe_to_stream is allocated here

char *s = new char[n];
_subscribe_to_stream = s;

with new[] so we need to array delete it with [] (similar to delete[] s;)

Should we define the declaration to a char [] to make it clear?

We can't since the size is not fixed (strlen(stream_name) + 1)

[julianoes]

I think you're right :).

[JonasPerolini]

@julianoes please note that there are several other places where OOM can cause hard faults because nullptr checks are missing e.g.

• _instance = new MavlinkCommandSender();
• _uavcan_open_request_list_item *new_reqest = new _uavcan_open_request_list_item;
• next = new DataValidator();
• _sensor_gps_pubs[i] = new uORB::PublicationMulti<sensor_gps_s> {ORB_ID(sensor_gps)};
• _dist_pubs[i] = new uORB::PublicationMulti<distance_sensor_s> {ORB_ID(distance_sensor)};
• _repliers[_num_of_repliers] = replier;
• VtolAttitudeControl: _vtol_type = new Tailsitter(this);

How should we proceed? Can we handle all of them in the same PR?

[julianoes]

A fallback? What?

[JonasPerolini]

I'm not sure how to handle this error. Any thoughts?