Fix hardfaults when running out of memory (nullptr check)#26516

Open
JonasPerolini wants to merge 2 commits intoPX4:mainfrom
JonasPerolini:fix-mavlink-hardfault

Conversation

@JonasPerolini JonasPerolini commented Feb 18, 2026

Solved Problem

Similar to #22056, when running out of memory, several parts of the code can cause a hardfault because a nullptr check is missing.

  • E.g. new char[n]; returns null, leading to a hardfault in strcpy(s, stream_name);

Modules affected:

  • Mavlink
    • _instance = new MavlinkCommandSender();
    • strcpy(s, stream_name);
    • _uavcan_open_request_list_item *new_reqest = new _uavcan_open_request_list_item;
  • mc_nn_control _interpreter = new tflite::MicroInterpreter(control_model, resolver, tensor_arena, kTensorArenaSize);
  • Replay Subscription *subscription = new Subscription();
  • Sensors next = new DataValidator();
  • Simulator mavlink
    • _sensor_gps_pubs[i] = new uORB::PublicationMulti<sensor_gps_s> {ORB_ID(sensor_gps)};
    • _dist_pubs[i] = new uORB::PublicationMulti<distance_sensor_s> {ORB_ID(distance_sensor)};
  • UxrceddsClient _repliers[_num_of_repliers] = replier;
  • VtolAttitudeControl _vtol_type = new Tailsitter(this);
  • GyroFFT missing _peak_magnitudes_all check

Changelog Entry

Bugfix: Fix hardfaults when OOM

_receiver.stop();

delete _subscribe_to_stream;
delete[] _subscribe_to_stream;
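Review bot: Switching to delete[] is the right fix here, since the buffer behind _subscribe_to_stream comes from `new char[n]` and releasing an array allocation with scalar delete is undefined behaviour; to keep the next reader from reverting it, add a short comment at the declaration of _subscribe_to_stream stating that it is an array allocation, and confirm that every other release site for this pointer uses delete[] as well.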
Contributor

Wondering if this is correct. Should we define the declaration to a char [] to make it clear?

Contributor Author

_subscribe_to_stream is allocated here

char *s = new char[n];
_subscribe_to_stream = s;

with new[], so we need to array-delete it with delete[] (similar to delete[] s;)

Should we define the declaration to a char [] to make it clear?

We can't since the size is not fixed (strlen(stream_name) + 1)

Contributor

I think you're right :).

Contributor Author

@julianoes please note that there are several other places where OOM can cause hard faults because nullptr checks are missing e.g.

  • _instance = new MavlinkCommandSender();
  • _uavcan_open_request_list_item *new_reqest = new _uavcan_open_request_list_item;
  • next = new DataValidator();
  • _sensor_gps_pubs[i] = new uORB::PublicationMulti<sensor_gps_s> {ORB_ID(sensor_gps)};
  • _dist_pubs[i] = new uORB::PublicationMulti<distance_sensor_s> {ORB_ID(distance_sensor)};
  • _repliers[_num_of_repliers] = replier;
  • VtolAttitudeControl: _vtol_type = new Tailsitter(this);

How should we proceed? Can we handle all of them in the same PR?
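The strcpy case from the PR description and the list of unchecked new sites above both reduce to the same pattern: check the result of new before using it, and release the buffer with the matching delete[]. The following is an added example written for this page, not PX4 code; StreamSubscription, alloc_chars and g_fail_next_alloc are hypothetical names, and new (std::nothrow) is used so that new returns nullptr on a host build the way it does on PX4/NuttX builds without exceptions.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Constructed test hook: when set, the next allocation fails so the
// out-of-memory path can be exercised on a host without exhausting memory.
static bool g_fail_next_alloc = false;

// Allocate n chars without exceptions; mirrors `new` returning nullptr on
// PX4/NuttX builds, where exceptions are disabled.
static char *alloc_chars(std::size_t n)
{
    if (g_fail_next_alloc) {
        g_fail_next_alloc = false;
        return nullptr;
    }
    return new (std::nothrow) char[n];
}

// Hypothetical stand-in for the stream-subscription state in the PR:
// owns one heap-allocated copy of the requested stream name.
class StreamSubscription {
public:
    // Array delete matches the new[] in subscribe(); delete[] on nullptr is a no-op.
    ~StreamSubscription() { delete[] _subscribe_to_stream; }

    // Hardened form of the pattern the PR fixes. The unchecked version
    // (allocate, then strcpy unconditionally) dereferences nullptr on OOM.
    // Returns false and leaves the previous subscription intact on failure.
    bool subscribe(const char *stream_name)
    {
        const std::size_t n = std::strlen(stream_name) + 1;
        char *s = alloc_chars(n);
        if (s == nullptr) {
            return false;  // report failure instead of strcpy(nullptr, ...)
        }
        std::strcpy(s, stream_name);
        delete[] _subscribe_to_stream;  // release the previous name with the matching delete[]
        _subscribe_to_stream = s;
        return true;
    }

    const char *name() const { return _subscribe_to_stream; }

private:
    char *_subscribe_to_stream{nullptr};
};
```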

@JonasPerolini JonasPerolini changed the title Fix hardfault in mavlink stream strcpy Fix hardfaults when running out of memory (nullptr check) Feb 18, 2026
if (_instance == nullptr) {
PX4_ERR("MavlinkCommandSender unavailable");
static MavlinkCommandSender fallback;
_instance = &fallback;
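Review bot: The static fallback masks the out-of-memory condition instead of handling it: after PX4_ERR the caller continues as if allocation had succeeded, nothing upstream can tell that the OOM happened, and a function-local static also reserves storage for the object for the whole program lifetime even when that branch never runs. Prefer leaving _instance as nullptr after logging and having the call site check for nullptr and abort its initialisation, which matches the nullptr checks added elsewhere in this PR.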
Contributor

A fallback? What?

Contributor Author

I'm not sure how to handle this error. Any thoughts?
