From 66fedb46febb86d7e120b18e3bb4f93e99aee594 Mon Sep 17 00:00:00 2001
From: Joel Sherrill <joel.sherrill@OARcorp.com>
Date: Tue, 28 Nov 2000 21:47:39 +0000
Subject: 2000-11-28	Chris Johns <ccj@acm.org>

	* src/heapallocate.c: Do not allow the size to overflow when
	adjusting it.  A test allocated a stack of -1 (~0). This
	actually resulted in a stack being allocated but with a
	size of 0xb. The allocator did not test the size to see if
	it rolled through 0 and so allowed the allocation to happen, the
	thread to get created. The task crashed as you would expect.
---
 cpukit/score/src/heapallocate.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'cpukit/score/src')

diff --git a/cpukit/score/src/heapallocate.c b/cpukit/score/src/heapallocate.c
index 661a4ba0f7..3699a6b080 100644
--- a/cpukit/score/src/heapallocate.c
+++ b/cpukit/score/src/heapallocate.c
@@ -43,7 +43,15 @@ void *_Heap_Allocate(
   Heap_Block *temporary_block;
   void       *ptr;
   unsigned32  offset;
-  
+
+  /*
+   * Catch the case of a user allocating close to the limit of the
+   * unsigned32.
+   */
+
+  if ( size >= (-1 - HEAP_BLOCK_USED_OVERHEAD) )
+    return( NULL );
+
   excess   = size % the_heap->page_size;
   the_size = size + the_heap->page_size + HEAP_BLOCK_USED_OVERHEAD;
   
-- 
cgit v1.2.3