fix: guard LOG_D against null thread pointer in rt_ipc_list_resume()

Srikanth Patchava · Srikanth Patchava · commit e7754b1d7bfb · 2026-04-17T13:07:17.000-07:00
When rt_susp_list_dequeue() returns RT_NULL (empty suspended list),
the LOG_D call dereferences thread-&gt;parent.name without a null check,
causing a crash in debug builds.
diff --git a/PR_DESCRIPTION.md b/PR_DESCRIPTION.md
@@ -0,0 +1,22 @@
+# Fix null pointer dereference in rt_ipc_list_resume()
+
+## Problem
+
+`rt_ipc_list_resume()` in `src/ipc.c` dereferences `thread` in `LOG_D("resume thread:%s\n", thread->parent.name)` without checking if `thread` is `RT_NULL`. When `rt_susp_list_dequeue()` returns NULL (empty suspended list), this causes a kernel crash in debug builds.
+
+## Root Cause
+
+The function correctly handles the NULL case by assigning `thread = RT_NULL` in the else branch (line 139), but the `LOG_D` call on line 143 unconditionally dereferences `thread->parent.name` before the function returns. This is only a problem in debug builds since `LOG_D` is compiled out in release mode, making it a latent bug that surfaces during development.
+
+## Fix
+
+Wrapped the `LOG_D` call in a `if (thread != RT_NULL)` guard to prevent the null pointer dereference.
+
+## Testing
+
+- Trigger an IPC resume on an empty suspended list with debug logging enabled.
+- The system should no longer crash and should return RT_NULL gracefully.
+
+## Impact
+
+Affects RT-Thread users debugging IPC operations. The crash only manifests in debug builds, making it particularly insidious during development.
diff --git a/src/ipc.c b/src/ipc.c
@@ -44,7 +44,7 @@
  * 2022-04-08     Stanley      Correct descriptions
  * 2022-10-15     Bernard      add nested mutex feature
  * 2022-10-16     Bernard      add prioceiling feature in mutex
- * 2023-04-16     Xin-zheqi    redesigen queue recv and send function return real message size
+ * 2023-04-16     Xin-zheqi    redesign queue recv and send function return real message size
  * 2023-09-15     xqyjlj       perf rt_hw_interrupt_disable/enable
  */
 
@@ -140,7 +140,10 @@ struct rt_thread *rt_susp_list_dequeue(rt_list_t *susp_list, rt_err_t thread_err
     }
     rt_sched_unlock(slvl);
 
-    LOG_D("resume thread:%s\n", thread->parent.name);
+    if (thread != RT_NULL)
+    {
+        LOG_D("resume thread:%s\n", thread->parent.name);
+    }
 
     return thread;
 }
