From 9b63fbf86746ba5f30e9ba2c993492afe28671a8 Mon Sep 17 00:00:00 2001
From: Joel Sherrill
Date: Wed, 14 Jul 2004 21:05:15 +0000
Subject: 2004-07-14 Joel Sherrill PR 650/rtems * score/src/coremsg.c: Check for mathemathical overflow when calculating amount of memory to allocate for message buffers.
---
 cpukit/ChangeLog | 6 ++++++
 cpukit/score/src/coremsg.c | 48 +++++++++++++++++++++++++++++++---------------
 2 files changed, 39 insertions(+), 15 deletions(-)
(limited to 'cpukit')
diff --git a/cpukit/ChangeLog b/cpukit/ChangeLog
index 31d5c3d5e1..0aee310f74 100644
--- a/cpukit/ChangeLog
+++ b/cpukit/ChangeLog
@@ -1,3 +1,9 @@
+2004-07-14 Joel Sherrill
+
+ PR 650/rtems
+ * score/src/coremsg.c: Check for mathemathical overflow when calculating
+ amount of memory to allocate for message buffers.
+
 2004-07-14 Joel Sherrill
 
 PR 651/core
diff --git a/cpukit/score/src/coremsg.c b/cpukit/score/src/coremsg.c
index 678da1d0b8..120e03e360 100644
--- a/cpukit/score/src/coremsg.c
+++ b/cpukit/score/src/coremsg.c
@@ -51,46 +51,64 @@ boolean _CORE_message_queue_Initialize( CORE_message_queue_Control *the_message_queue, CORE_message_queue_Attributes *the_message_queue_attributes, - uint32_t maximum_pending_messages, - uint32_t maximum_message_size + unsigned32 maximum_pending_messages, + unsigned32 maximum_message_size ) { - uint32_t message_buffering_required; - uint32_t allocated_message_size; + unsigned32 message_buffering_required; + unsigned32 allocated_message_size; the_message_queue->maximum_pending_messages = maximum_pending_messages; the_message_queue->number_of_pending_messages = 0; the_message_queue->maximum_message_size = maximum_message_size; _CORE_message_queue_Set_notify( the_message_queue, NULL, NULL ); - + /* - * round size up to multiple of a ptr for chain init + * Round size up to multiple of a pointer for chain init and + * check for overflow on adding overhead to each message. */ - + allocated_message_size = maximum_message_size; - if (allocated_message_size & (sizeof(uint32_t ) - 1)) { - allocated_message_size += sizeof(uint32_t ); - allocated_message_size &= ~(sizeof(uint32_t ) - 1); + if (allocated_message_size & (sizeof(unsigned32) - 1)) { + allocated_message_size += sizeof(unsigned32); + allocated_message_size &= ~(sizeof(unsigned32) - 1); } + + if (allocated_message_size < maximum_message_size) + return FALSE; + /* + * Calculate how much total memory is required for message buffering and + * check for overflow on the multiplication. 
+ */ message_buffering_required = maximum_pending_messages * (allocated_message_size + sizeof(CORE_message_queue_Buffer_control)); + + if (message_buffering_required < allocated_message_size) + return FALSE; - the_message_queue->message_buffers = (CORE_message_queue_Buffer *) + /* + * Attempt to allocate the message memory + */ + the_message_queue->message_buffers = (CORE_message_queue_Buffer *) _Workspace_Allocate( message_buffering_required ); - + if (the_message_queue->message_buffers == 0) return FALSE; - + + /* + * Initialize the pool of inactive messages, pending messages, + * and set of waiting threads. + */ _Chain_Initialize ( &the_message_queue->Inactive_messages, the_message_queue->message_buffers, maximum_pending_messages, allocated_message_size + sizeof( CORE_message_queue_Buffer_control ) ); - + _Chain_Initialize_empty( &the_message_queue->Pending_messages ); - + _Thread_queue_Initialize( &the_message_queue->Wait_queue, _CORE_message_queue_Is_priority( the_message_queue_attributes ) ? -- cgit v1.2.3
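Review bot: The new test `message_buffering_required < allocated_message_size` after the multiplication does not detect every wrap, because a truncated 32-bit product can still be larger than one message (constructed example: 0x10000 pending messages at a per-message size of 0x10010 bytes wrap to 0x100000), so `_Workspace_Allocate` would receive an undersized request while `_Chain_Initialize` still lays out `maximum_pending_messages` nodes over it. The addition of `sizeof(CORE_message_queue_Buffer_control)` is also never checked, although the comment above the round-up says it is; `allocated_message_size < maximum_message_size` only covers the round-up itself. I would compute the per-message size once, check that addition, and bound the count by division before multiplying, as in the sketch below. The sketch lets `maximum_pending_messages == 0` through to the allocator, whereas the current test returns FALSE for it whenever the message size is non-zero; keep that rejection if it was deliberate. The function body continues past the end of the hunk.

```c
  unsigned32 message_size_with_overhead;  /* new local, declared with the others */

  /* … unchanged: field setup and round-up of allocated_message_size … */

  message_size_with_overhead =
    allocated_message_size + sizeof(CORE_message_queue_Buffer_control);
  if (message_size_with_overhead < allocated_message_size)
    return FALSE;

  /* Reject counts whose product with the per-message size exceeds 32 bits. */
  if (maximum_pending_messages != 0 &&
      message_size_with_overhead > ((unsigned32) -1) / maximum_pending_messages)
    return FALSE;

  message_buffering_required =
    maximum_pending_messages * message_size_with_overhead;

  /* … unchanged: _Workspace_Allocate call and chain initialisation … */
```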