[BUG] BasicCodecFactory::create() and dispose() have no mutex — TOCTOU race on static codec pool #476

@fernandesrohan

  • eRPC version: latest (2026)
  • Allocation policy: ERPC_ALLOCATION_POLICY_STATIC
  • Threading model: ERPC_THREADS_CMSIS
  • Platform: ARM Cortex-M

Bug description
BasicCodecFactory::create() and dispose() perform an unprotected read-modify-write on the shared static array s_basicCodecManual. When two RTOS threads call create() simultaneously, both can observe the same slot as !isUsed() and both call construct() on it — corrupting the pool.

```cpp
// erpc_basic_codec.cpp
Codec *BasicCodecFactory::create(void)
{
    ERPC_CREATE_NEW_OBJECT(BasicCodec, s_basicCodecManual, ERPC_CODEC_COUNT)
    // expands to: scan array, construct first free slot, return pointer
    // — no lock taken anywhere
}

void BasicCodecFactory::dispose(Codec *codec)
{
    ERPC_DESTROY_OBJECT(codec, s_basicCodecManual, ERPC_CODEC_COUNT)
    // expands to: scan array, destroy matching slot
    // — no lock taken anywhere
}
```

Steps to reproduce the behavior:

  1. Configure ERPC_ALLOCATION_POLICY_STATIC, ERPC_THREADS_CMSIS
  2. Start 2 or more SimpleServer instances in separate RTOS threads
  3. Run concurrent client calls from 2+ client threads for several hours
  4. Observe erpc_assert in StaticMessageBufferFactory::create() or NULL dereference in ClientManager::createBufferAndCodec()
  • OS: embos
  • eRPC Version: v1.14.0
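
One way to close the race described in this report, as an added sketch that is not eRPC code and not the reporter's: the scan-and-claim in `create()` and the release in `dispose()` share a single lock, so no two callers can see the same slot as free. `GuardedPool`, `Slot` and `distinctSlotsUnderContention` are hypothetical names, and `std::mutex` is an assumption standing in for whatever lock the target RTOS port provides.

```cpp
// Added illustration: a stand-in static pool, not eRPC source.
#include <array>
#include <cstddef>
#include <mutex>
#include <set>
#include <thread>
#include <vector>

struct Slot { bool used = false; int payload = 0; };   // hypothetical pool entry

template <std::size_t N>
class GuardedPool {
public:
    // Scan and claim happen under one lock, so two callers can never
    // both observe the same slot as free.
    Slot *create() {
        std::lock_guard<std::mutex> lock(m_);
        for (Slot &s : slots_) {
            if (!s.used) { s.used = true; return &s; }
        }
        return nullptr;   // pool exhausted: the caller must check for this
    }
    // Release takes the same lock so it cannot interleave with a scan.
    bool dispose(Slot *p) {
        std::lock_guard<std::mutex> lock(m_);
        for (Slot &s : slots_) {
            if (&s == p && s.used) { s.used = false; return true; }
        }
        return false;     // foreign pointer or double dispose
    }
private:
    std::array<Slot, N> slots_{};
    std::mutex m_;
};

// Call create() from `threads` threads at once; return how many distinct slots were handed out.
template <std::size_t N>
std::size_t distinctSlotsUnderContention(GuardedPool<N> &pool, unsigned threads) {
    std::vector<Slot *> got(threads, nullptr);
    std::vector<std::thread> workers;
    for (unsigned i = 0; i < threads; ++i)
        workers.emplace_back([&pool, &got, i] { got[i] = pool.create(); });
    for (auto &w : workers) w.join();
    std::set<Slot *> unique(got.begin(), got.end());
    unique.erase(nullptr);   // exhausted-pool results are not slots
    return unique.size();
}
```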
