Diffstat (limited to 'c/src/exec/score')
-rw-r--r-- | c/src/exec/score/ChangeLog | 9 | ||||
-rw-r--r-- | c/src/exec/score/src/heapallocate.c | 10 |
2 files changed, 18 insertions, 1 deletions
diff --git a/c/src/exec/score/ChangeLog b/c/src/exec/score/ChangeLog
index 654a67faef..70487f1a84 100644
--- a/c/src/exec/score/ChangeLog
+++ b/c/src/exec/score/ChangeLog
@@ -1,3 +1,12 @@
+
+2000-11-28 Chris Johns <ccj@acm.org>
+
+ * src/heapallocate.c: Do not allow the size to overflow when
+ adjusting it. A test allocated a stack of -1 (~0). This
+ actually resulted in a stack being allocated but with a
+ size of 0xb. The allocator did not test the size to see if
+ it rolled through 0 and so allowed the allocation to happen, the
+ thread to get created. The task crashed as you would expect.
 2000-11-02 Joel Sherrill <joel@OARcorp.com>
diff --git a/c/src/exec/score/src/heapallocate.c b/c/src/exec/score/src/heapallocate.c
index 661a4ba0f7..3699a6b080 100644
--- a/c/src/exec/score/src/heapallocate.c
+++ b/c/src/exec/score/src/heapallocate.c
@@ -43,7 +43,15 @@ void *_Heap_Allocate(
 Heap_Block *temporary_block;
 void *ptr;
 unsigned32 offset;
-
+
+ /*
+ * Catch the case of a user allocating close to the limit of the
+ * unsigned32.
+ */
+
+ if ( size >= (-1 - HEAP_BLOCK_USED_OVERHEAD) )
+ return( NULL );
+
 excess = size % the_heap->page_size;
 the_size = size + the_heap->page_size + HEAP_BLOCK_USED_OVERHEAD; |
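Review bot: The new guard in the heapallocate.c hunk bounds `size` only by `HEAP_BLOCK_USED_OVERHEAD`, but the context line right after it computes `the_size = size + the_heap->page_size + HEAP_BLOCK_USED_OVERHEAD`, so a request within `page_size` of the limit still passes the check and wraps `the_size` to a small value, which is the undersized-allocation condition the ChangeLog entry describes. The bound should leave headroom for every addend, e.g. `if ( size > (unsigned32) ~0 - the_heap->page_size - HEAP_BLOCK_USED_OVERHEAD ) return( NULL );`. Writing the limit as `(unsigned32) ~0` rather than `-1` also pins it to the 32-bit maximum however the macro is typed, which is not visible here. The body of _Heap_Allocate starts and continues outside the hunk, so any later rounding of `the_size` would need the same headroom.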