diff options
| author | Joel Sherrill <joel.sherrill@OARcorp.com> | 2004-07-14 21:05:38 +0000 |
|---|---|---|
| committer | Joel Sherrill <joel.sherrill@OARcorp.com> | 2004-07-14 21:05:38 +0000 |
| commit | e18303d9975abbe9247214eea756cbb9f0982279 (patch) | |
| tree | d477078d337393ad11871f25500569ea84c3c491 /cpukit/score | |
| parent | 2004-07-14 Joel Sherrill <joel@OARcorp.com> (diff) | |
| download | rtems-e18303d9975abbe9247214eea756cbb9f0982279.tar.bz2 | |
2004-07-14 Joel Sherrill <joel@OARcorp.com>
PR 650/rtems
* src/coremsg.c: Check for mathemathical overflow when calculating
amount of memory to allocate for message buffers.
Diffstat (limited to 'cpukit/score')
| -rw-r--r-- | cpukit/score/ChangeLog | 6 | ||||
| -rw-r--r-- | cpukit/score/src/coremsg.c | 20 |
2 files changed, 25 insertions, 1 deletions
diff --git a/cpukit/score/ChangeLog b/cpukit/score/ChangeLog index 38a97c6630..903db628ad 100644 --- a/cpukit/score/ChangeLog +++ b/cpukit/score/ChangeLog @@ -1,3 +1,9 @@ +2004-07-14 Joel Sherrill <joel@OARcorp.com> + + PR 650/rtems + * src/coremsg.c: Check for mathemathical overflow when calculating + amount of memory to allocate for message buffers. + 2004-05-06 Joel Sherrill <joel@OARcorp.com> PR 618/rtems diff --git a/cpukit/score/src/coremsg.c b/cpukit/score/src/coremsg.c index 05238b3bc8..120e03e360 100644 --- a/cpukit/score/src/coremsg.c +++ b/cpukit/score/src/coremsg.c @@ -64,7 +64,8 @@ boolean _CORE_message_queue_Initialize( _CORE_message_queue_Set_notify( the_message_queue, NULL, NULL ); /* - * round size up to multiple of a ptr for chain init + * Round size up to multiple of a pointer for chain init and + * check for overflow on adding overhead to each message. */ allocated_message_size = maximum_message_size; @@ -73,15 +74,32 @@ boolean _CORE_message_queue_Initialize( allocated_message_size &= ~(sizeof(unsigned32) - 1); } + if (allocated_message_size < maximum_message_size) + return FALSE; + + /* + * Calculate how much total memory is required for message buffering and + * check for overflow on the multiplication. + */ message_buffering_required = maximum_pending_messages * (allocated_message_size + sizeof(CORE_message_queue_Buffer_control)); + if (message_buffering_required < allocated_message_size) + return FALSE; + + /* + * Attempt to allocate the message memory + */ the_message_queue->message_buffers = (CORE_message_queue_Buffer *) _Workspace_Allocate( message_buffering_required ); if (the_message_queue->message_buffers == 0) return FALSE; + /* + * Initialize the pool of inactive messages, pending messages, + * and set of waiting threads. + */ _Chain_Initialize ( &the_message_queue->Inactive_messages, the_message_queue->message_buffers, |