author | Joel Sherrill <joel.sherrill@OARcorp.com> | 2011-07-08 16:50:53 +0000 |
---|---|---|
committer | Joel Sherrill <joel.sherrill@OARcorp.com> | 2011-07-08 16:50:53 +0000 |
commit | d90fef258f1b9a3a982535bd22f9dcca546b5ba1 (patch) | |
tree | 8abf029cf09e7eb79e0327a184b37af52133bec3 /cpukit | |
parent | 2011-07-07 Joel Sherrill <joel.sherrill@oarcorp.com> (diff) | |
download | rtems-d90fef258f1b9a3a982535bd22f9dcca546b5ba1.tar.bz2 |
2011-07-08 Joel Sherrill <joel.sherrill@oarcorp.com>
* score/src/coremsg.c: Use 64-bit intermediate result on multiply to
reliably detect overflow.
Diffstat (limited to 'cpukit')
-rw-r--r-- | cpukit/ChangeLog | 5 | ||||
-rw-r--r-- | cpukit/score/src/coremsg.c | 31 |
2 files changed, 31 insertions, 5 deletions
diff --git a/cpukit/ChangeLog b/cpukit/ChangeLog
index 0ea7ee1697..79f340f0c7 100644
--- a/cpukit/ChangeLog
+++ b/cpukit/ChangeLog
@@ -1,3 +1,8 @@
+2011-07-08 Joel Sherrill <joel.sherrill@oarcorp.com>
+
+ * score/src/coremsg.c: Use 64-bit intermediate result on multiply to
+ reliably detect overflow.
+
 2011-07-07 Joel Sherrill <joel.sherrill@oarcorp.com>
 
 * libblock/src/nvdisk-sram.c, libi2c/libi2c.c,
diff --git a/cpukit/score/src/coremsg.c b/cpukit/score/src/coremsg.c
index 4e3b9545e1..6aeed9e9c8 100644
--- a/cpukit/score/src/coremsg.c
+++ b/cpukit/score/src/coremsg.c
@@ -31,6 +31,27 @@
 #include <rtems/score/wkspace.h>
 
 /*
+ * size_t_mult32_with_overflow
+ *
+ * This method multiplies two size_t 32-bit numbers and checks
+ * for overflow. It returns false if an overflow occurred and
+ * the result is bad.
+ */
+static inline bool size_t_mult32_with_overflow(
+ size_t a,
+ size_t b,
+ size_t *c
+)
+{
+ long long x = (long long)a*b;
+
+ if ( x > SIZE_MAX )
+ return false;
+ *c = (size_t) x;
+ return true;
+}
+
+/*
 * _CORE_message_queue_Initialize
 *
 * This routine initializes a newly created message queue based on the
@@ -55,7 +76,7 @@ bool _CORE_message_queue_Initialize(
 size_t maximum_message_size
 )
 {
- size_t message_buffering_required;
+ size_t message_buffering_required = 0;
 size_t allocated_message_size;
 
 the_message_queue->maximum_pending_messages = maximum_pending_messages;
@@ -80,10 +101,10 @@ bool _CORE_message_queue_Initialize(
 * Calculate how much total memory is required for message buffering and
 * check for overflow on the multiplication.
 */
- message_buffering_required = (size_t) maximum_pending_messages *
- (allocated_message_size + sizeof(CORE_message_queue_Buffer_control));
-
- if (message_buffering_required < allocated_message_size)
+ if ( !size_t_mult32_with_overflow(
+ (size_t) maximum_pending_messages,
+ allocated_message_size + sizeof(CORE_message_queue_Buffer_control),
+ &message_buffering_required ) )
 return false;
 
 /*
|
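Review bot: In size_t_mult32_with_overflow the product is held in a signed `long long`, so with a 32-bit size_t two operands near SIZE_MAX give a product above LLONG_MAX; that is signed overflow (undefined behaviour), and a wrapped negative `x` passes the `x > SIZE_MAX` test as "no overflow". The result is the message buffering size computed in _CORE_message_queue_Initialize, so a missed overflow would presumably lead to an undersized buffer area. A division-based guard works at any size_t width and needs no wider type: `if ( a != 0 && b > SIZE_MAX / a ) return false;` followed by `*c = a * b;`. If the 64-bit intermediate is kept, it should be `unsigned long long`, and the header comment should state that the helper is only valid where size_t is at most 32 bits.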
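Review bot: The second argument of the new call in _CORE_message_queue_Initialize, `allocated_message_size + sizeof(CORE_message_queue_Buffer_control)`, is added in size_t before the helper runs, so a wrap in that sum reaches size_t_mult32_with_overflow as a small value and is reported as success. Unless a bound on allocated_message_size is enforced in the part of the function outside this hunk, the sum needs its own guard ahead of the call, e.g. `if ( allocated_message_size > SIZE_MAX - sizeof(CORE_message_queue_Buffer_control) ) return false;`. The function starts and ends outside the hunk, so an existing check may not be visible here.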