summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSebastian Huber <sebastian.huber@embedded-brains.de>2016-05-25 14:28:34 +0200
committerSebastian Huber <sebastian.huber@embedded-brains.de>2016-05-26 21:44:30 +0200
commitd887c1b5b30733fd2d6cf07a4a264f57ab9f4b4b (patch)
treeb243c14df77ca439d3d12f9b0052d8620b15a6a2
parent39bcf7417ea39806e4817a9ce72cfc20c060c4bf (diff)
downloadrtems-d887c1b5b30733fd2d6cf07a4a264f57ab9f4b4b.tar.bz2
posix: Fix sem_init() with too large initial value
Close #2721.
-rw-r--r--cpukit/posix/src/seminit.c7
-rw-r--r--testsuites/psxtests/psxsem01/init.c12
2 files changed, 18 insertions, 1 deletions
diff --git a/cpukit/posix/src/seminit.c b/cpukit/posix/src/seminit.c
index cc47312172..249edf67ee 100644
--- a/cpukit/posix/src/seminit.c
+++ b/cpukit/posix/src/seminit.c
@@ -43,8 +43,13 @@ int sem_init(
int status;
POSIX_Semaphore_Control *the_semaphore;
- if ( !sem )
+ if ( sem == NULL ) {
rtems_set_errno_and_return_minus_one( EINVAL );
+ }
+
+ if ( value > SEM_VALUE_MAX ) {
+ rtems_set_errno_and_return_minus_one( EINVAL );
+ }
_Objects_Allocator_lock();
status = _POSIX_Semaphore_Create_support(
diff --git a/testsuites/psxtests/psxsem01/init.c b/testsuites/psxtests/psxsem01/init.c
index 1bec5c65a7..023f79a4ab 100644
--- a/testsuites/psxtests/psxsem01/init.c
+++ b/testsuites/psxtests/psxsem01/init.c
@@ -109,6 +109,17 @@ static void test_sem_post_overflow(void)
rtems_test_assert( rv == 0 );
}
+static void test_sem_init_too_large_inital_value(void)
+{
+ sem_t sem;
+ int rv;
+
+ errno = 0;
+ rv = sem_init( &sem, 0, SEM_VALUE_MAX + 1 );
+ rtems_test_assert( rv == -1 );
+ rtems_test_assert( errno == EINVAL );
+}
+
void *POSIX_Init(
void *argument
)
@@ -379,6 +390,7 @@ void *POSIX_Init(
test_sem_wait_during_delete();
test_sem_post_overflow();
+ test_sem_init_too_large_inital_value();
/* Try adding in unlinking before closing... (can we still open?) */