From d887c1b5b30733fd2d6cf07a4a264f57ab9f4b4b Mon Sep 17 00:00:00 2001
From: Sebastian Huber
Date: Wed, 25 May 2016 14:28:34 +0200
Subject: posix: Fix sem_init() with too large initial value
Close #2721.
---
 cpukit/posix/src/seminit.c | 7 ++++++-
 testsuites/psxtests/psxsem01/init.c | 12 ++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/cpukit/posix/src/seminit.c b/cpukit/posix/src/seminit.c
index cc47312172..249edf67ee 100644
--- a/cpukit/posix/src/seminit.c
+++ b/cpukit/posix/src/seminit.c
@@ -43,8 +43,13 @@ int sem_init(
 int status;
 POSIX_Semaphore_Control *the_semaphore;
- if ( !sem )
+ if ( sem == NULL ) {
 rtems_set_errno_and_return_minus_one( EINVAL );
+ }
+
+ if ( value > SEM_VALUE_MAX ) {
+ rtems_set_errno_and_return_minus_one( EINVAL );
+ }
 _Objects_Allocator_lock();
 status = _POSIX_Semaphore_Create_support(
diff --git a/testsuites/psxtests/psxsem01/init.c b/testsuites/psxtests/psxsem01/init.c
index 1bec5c65a7..023f79a4ab 100644
--- a/testsuites/psxtests/psxsem01/init.c
+++ b/testsuites/psxtests/psxsem01/init.c
@@ -109,6 +109,17 @@ static void test_sem_post_overflow(void)
 rtems_test_assert( rv == 0 );
 }
+static void test_sem_init_too_large_inital_value(void)
+{
+ sem_t sem;
+ int rv;
+
+ errno = 0;
+ rv = sem_init( &sem, 0, SEM_VALUE_MAX + 1 );
+ rtems_test_assert( rv == -1 );
+ rtems_test_assert( errno == EINVAL );
+}
+
 void *POSIX_Init(
 void *argument
 )
@@ -379,6 +390,7 @@ void *POSIX_Init(
 test_sem_wait_during_delete();
 test_sem_post_overflow();
+ test_sem_init_too_large_inital_value();
 /* Try adding in unlinking before closing... (can we still open?) */
--
cgit v1.2.3
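Review bot: In cpukit/posix/src/seminit.c the new `value > SEM_VALUE_MAX` guard sits only in sem_init(), ahead of `_Objects_Allocator_lock()`, so any other entry point that passes a caller-supplied initial count to `_POSIX_Semaphore_Create_support()` remains unbounded. sem_open() with O_CREAT would be the obvious candidate, but it is not visible in this patch, so this needs confirming. If it does share the helper, enforcing the limit inside `_POSIX_Semaphore_Create_support()` would cover both paths with one check. A one-line comment above the guard, `/* POSIX: EINVAL if the initial value exceeds SEM_VALUE_MAX */`, would also record why it exists. The body of sem_init() continues past the end of the hunk.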
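Review bot: In test_sem_init_too_large_inital_value() in testsuites/psxtests/psxsem01/init.c, `SEM_VALUE_MAX + 1` is evaluated in whatever type the macro has, which this patch does not show: if it expands to INT_MAX the addition is signed overflow, and if it expands to UINT_MAX the sum wraps to 0 and sem_init() would be expected to succeed. Doing the arithmetic in the parameter type, `rv = sem_init( &sem, 0, (unsigned int) SEM_VALUE_MAX + 1 );`, removes the first case, and the second deserves a comment stating that SEM_VALUE_MAX is assumed to be smaller than UINT_MAX. The test also exercises only the rejecting side of the boundary; a companion case that initialises with exactly SEM_VALUE_MAX, asserts `rv == 0` and then destroys the semaphore would catch an off-by-one in the new guard.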