authorJoel Sherrill <joel.sherrill@OARcorp.com>2000-11-28 21:47:39 +0000
committerJoel Sherrill <joel.sherrill@OARcorp.com>2000-11-28 21:47:39 +0000
commit66fedb46febb86d7e120b18e3bb4f93e99aee594 (patch)
treef37d583b5caf007ff95648c3146c9a1b775c4660 /cpukit
parent2000-11-27 Joel Sherrill <joel@OARcorp.com> (diff)
downloadrtems-66fedb46febb86d7e120b18e3bb4f93e99aee594.tar.bz2
2000-11-28 Chris Johns <ccj@acm.org>
* src/heapallocate.c: Do not allow the size to overflow when adjusting it. A test allocated a stack of -1 (~0). This actually resulted in a stack being allocated but with a size of 0xb. The allocator did not test the size to see if it rolled through 0 and so allowed the allocation to happen, the thread to get created. The task crashed as you would expect.
Diffstat (limited to 'cpukit')
-rw-r--r--cpukit/score/ChangeLog9
-rw-r--r--cpukit/score/src/heapallocate.c10
2 files changed, 18 insertions, 1 deletions
diff --git a/cpukit/score/ChangeLog b/cpukit/score/ChangeLog
index 654a67faef..70487f1a84 100644
--- a/cpukit/score/ChangeLog
+++ b/cpukit/score/ChangeLog
@@ -1,3 +1,12 @@
+
+2000-11-28 Chris Johns <ccj@acm.org>
+
+ * src/heapallocate.c: Do not allow the size to overflow when
+ adjusting it. A test allocated a stack of -1 (~0). This
+ actually resulted in a stack being allocated but with a
+ size of 0xb. The allocator did not test the size to see if
+ it rolled through 0 and so allowed the allocation to happen, the
+ thread to get created. The task crashed as you would expect.
2000-11-02 Joel Sherrill <joel@OARcorp.com>
diff --git a/cpukit/score/src/heapallocate.c b/cpukit/score/src/heapallocate.c
index 661a4ba0f7..3699a6b080 100644
--- a/cpukit/score/src/heapallocate.c
+++ b/cpukit/score/src/heapallocate.c
@@ -43,7 +43,15 @@ void *_Heap_Allocate(
Heap_Block *temporary_block;
void *ptr;
unsigned32 offset;
-
+
+ /*
+ * Catch the case of a user allocating close to the limit of the
+ * unsigned32.
+ */
+
+ if ( size >= (-1 - HEAP_BLOCK_USED_OVERHEAD) )
+ return( NULL );
+
excess = size % the_heap->page_size;
the_size = size + the_heap->page_size + HEAP_BLOCK_USED_OVERHEAD;
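Review bot: The new guard `if ( size >= (-1 - HEAP_BLOCK_USED_OVERHEAD) )` leaves out `the_heap->page_size`, which the `the_size` computation two lines below also adds, so a `size` within one page of the 32-bit limit passes the check and the sum still wraps to a small value. Bounding against every added term closes that window: `if ( size >= (unsigned32) ~0 - the_heap->page_size - HEAP_BLOCK_USED_OVERHEAD )`. The `-1 - HEAP_BLOCK_USED_OVERHEAD` form also depends on the macro's type, which is not visible here; if it is `sizeof`-based and wider than `unsigned32`, the comparison would never fire, so an explicit `unsigned32` limit is safer. `_Heap_Allocate` continues past the hunk, and any later rounding of `the_size` up to a page multiple would need the same headroom.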