<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>change log for rtems (2011-07-08)</title>

</head>

<body text='#000000' bgcolor='#ffffff'>

<a name='cs1'></a>

<table border='0' cellspacing='0' cellpadding='5' width='100%' bgcolor='#eeeeee'>

<tr><td colspan='3' bgcolor='#dddddd'>

 <font color='#bb2222'><strong>joel</strong></font>

</td></tr>

<tr><td colspan='3' bgcolor='#dddddd'><pre>2011-07-08 Joel Sherrill <joel.sherrill@oarcorp.com>

        * score/src/coremsg.c: Use 64-bit intermediate result on multiply to

        reliably detect overflow.

</pre></td></tr>

<tr><td width='1%'><a href="http://www.rtems.com/cgi-bin/viewcvs.cgi//rtems/cpukit/ChangeLog.diff?r1=text&tr1=1.2868&r2=text&tr2=1.2869&diff_format=h">M</a></td><td width='1%'>1.2869</td><td width='100%'>cpukit/ChangeLog</td></tr>

<tr><td width='1%'><a href="http://www.rtems.com/cgi-bin/viewcvs.cgi//rtems/cpukit/score/src/coremsg.c.diff?r1=text&tr1=1.29&r2=text&tr2=1.30&diff_format=h">M</a></td><td width='1%'>1.30</td><td width='100%'>cpukit/score/src/coremsg.c</td></tr>

</table>

<pre>

<font color='#006600'>diff -u rtems/cpukit/ChangeLog:1.2868 rtems/cpukit/ChangeLog:1.2869

--- rtems/cpukit/ChangeLog:1.2868       Thu Jul  7 17:14:59 2011

+++ rtems/cpukit/ChangeLog      Fri Jul  8 11:50:53 2011

</font><font color='#997700'>@@ -1,3 +1,8 @@

</font><font color='#000088'>+2011-07-08    Joel Sherrill <joel.sherrill@oarcorp.com>

+

+       * score/src/coremsg.c: Use 64-bit intermediate result on multiply to

+       reliably detect overflow.

+

</font> 2011-07-07        Joel Sherrill <joel.sherrill@oarcorp.com>

        * libblock/src/nvdisk-sram.c, libi2c/libi2c.c,

<font color='#006600'>diff -u rtems/cpukit/score/src/coremsg.c:1.29 rtems/cpukit/score/src/coremsg.c:1.30

--- rtems/cpukit/score/src/coremsg.c:1.29       Sun Nov 29 07:51:52 2009

+++ rtems/cpukit/score/src/coremsg.c    Fri Jul  8 11:50:53 2011

</font><font color='#997700'>@@ -31,6 +31,27 @@

</font> #include <rtems/score/wkspace.h>

 /*

<font color='#000088'>+ *  size_t_mult32_with_overflow

+ *

+ *  This method multiplies two size_t 32-bit numbers and checks

+ *  for overflow.  It returns false if an overflow occurred and

+ *  the result is bad.

+ */

+static inline bool size_t_mult32_with_overflow(

+  size_t  a,

+  size_t  b,

+  size_t *c

+)

+{

+  long long x = (long long)a*b;

+

+  if ( x > SIZE_MAX )

+    return false;

+  *c = (size_t) x;

+  return true;

+}

+

+/*

</font>  *  _CORE_message_queue_Initialize

  *

  *  This routine initializes a newly created message queue based on the

<font color='#997700'>@@ -55,7 +76,7 @@

</font>   size_t                         maximum_message_size

 )

 {

<font color='#880000'>-  size_t message_buffering_required;

</font><font color='#000088'>+  size_t message_buffering_required = 0;

</font>   size_t allocated_message_size;

   the_message_queue->maximum_pending_messages   = maximum_pending_messages;

<font color='#997700'>@@ -80,10 +101,10 @@

</font>    *  Calculate how much total memory is required for message buffering and

    *  check for overflow on the multiplication.

    */

<font color='#880000'>-  message_buffering_required = (size_t) maximum_pending_messages *

-       (allocated_message_size + sizeof(CORE_message_queue_Buffer_control));

-

-  if (message_buffering_required < allocated_message_size)

</font><font color='#000088'>+  if ( !size_t_mult32_with_overflow(

+        (size_t) maximum_pending_messages,

+        allocated_message_size + sizeof(CORE_message_queue_Buffer_control),

+        &message_buffering_required ) )<span style="background-color: #FF0000"> </span>

</font>     return false;

   /*

</pre>

<p> </p>

<a name='cs2'></a>

<table border='0' cellspacing='0' cellpadding='5' width='100%' bgcolor='#eeeeee'>

<tr><td colspan='3' bgcolor='#dddddd'>

 <font color='#bb2222'><strong>joel</strong></font>

</td></tr>

<tr><td colspan='3' bgcolor='#dddddd'><pre>2011-07-08 Joel Sherrill <joel.sherrill@oarcorp.com>

        * sp09/screen07.c, sp09/sp09.scn: Add a case where the multiply of

        number of buffers times buffer size exceeds that representable by

        size_t.

</pre></td></tr>

<tr><td width='1%'><a href="http://www.rtems.com/cgi-bin/viewcvs.cgi//rtems/testsuites/sptests/ChangeLog.diff?r1=text&tr1=1.459&r2=text&tr2=1.460&diff_format=h">M</a></td><td width='1%'>1.460</td><td width='100%'>testsuites/sptests/ChangeLog</td></tr>

<tr><td width='1%'><a href="http://www.rtems.com/cgi-bin/viewcvs.cgi//rtems/testsuites/sptests/sp09/screen07.c.diff?r1=text&tr1=1.24&r2=text&tr2=1.25&diff_format=h">M</a></td><td width='1%'>1.25</td><td width='100%'>testsuites/sptests/sp09/screen07.c</td></tr>

<tr><td width='1%'><a href="http://www.rtems.com/cgi-bin/viewcvs.cgi//rtems/testsuites/sptests/sp09/sp09.scn.diff?r1=text&tr1=1.29&r2=text&tr2=1.30&diff_format=h">M</a></td><td width='1%'>1.30</td><td width='100%'>testsuites/sptests/sp09/sp09.scn</td></tr>

</table>

<pre>

<font color='#006600'>diff -u rtems/testsuites/sptests/ChangeLog:1.459 rtems/testsuites/sptests/ChangeLog:1.460

--- rtems/testsuites/sptests/ChangeLog:1.459    Mon Jun 20 02:04:50 2011

+++ rtems/testsuites/sptests/ChangeLog  Fri Jul  8 11:51:35 2011

</font><font color='#997700'>@@ -1,3 +1,9 @@

</font><font color='#000088'>+2011-07-08    Joel Sherrill <joel.sherrill@oarcorp.com>

+

+       * sp09/screen07.c, sp09/sp09.scn: Add a case where the multiply of

+       number of buffers times buffer size exceeds that representable by

+       size_t.

+

</font> 2011-06-20        Ralf Corsépius <ralf.corsepius@rtems.org>

        * sp66/init.c: Remove (unused).

<font color='#006600'>diff -u rtems/testsuites/sptests/sp09/screen07.c:1.24 rtems/testsuites/sptests/sp09/screen07.c:1.25

--- rtems/testsuites/sptests/sp09/screen07.c:1.24       Fri Mar 11 14:26:59 2011

+++ rtems/testsuites/sptests/sp09/screen07.c    Fri Jul  8 11:51:35 2011

</font><font color='#997700'>@@ -135,6 +135,21 @@

</font>   );

   puts( "TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED" );

<font color='#000088'>+  /* too large a request for messages */

+  status = rtems_message_queue_create(

+    Queue_name[ 1 ],

+    INT_MAX,

+    INT_MAX,

+    RTEMS_DEFAULT_ATTRIBUTES,

+    &Queue_id[ 1 ]

+  );

+  fatal_directive_status(

+    status,

+    RTEMS_UNSATISFIED,

+    "rtems_message_queue_create unsatisfied"

+  );

+  puts( "TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED #2" );

+

</font>   status = rtems_message_queue_create(

     Queue_name[ 1 ],

     2,

<font color='#006600'>diff -u rtems/testsuites/sptests/sp09/sp09.scn:1.29 rtems/testsuites/sptests/sp09/sp09.scn:1.30

--- rtems/testsuites/sptests/sp09/sp09.scn:1.29 Sat Jun 11 11:42:05 2011

+++ rtems/testsuites/sptests/sp09/sp09.scn      Fri Jul  8 11:51:35 2011

</font><font color='#997700'>@@ -126,6 +126,7 @@

</font> TA1 - rtems_message_queue_create - Q 1 - RTEMS_INVALID_NAME

 TA1 - rtems_message_queue_create - Q 1 - RTEMS_MP_NOT_CONFIGURED

 TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED

<font color='#000088'>+TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED #2

</font> TA1 - rtems_message_queue_create - Q 1 - 2 DEEP - RTEMS_SUCCESSFUL

 TA1 - rtems_message_queue_create - Q 2 - RTEMS_TOO_MANY

 TA1 - rtems_message_queue_delete - unknown RTEMS_INVALID_ID

</pre>

<p> </p>

<p>--<br />

<small>Generated by <a href="http://www.codewiz.org/projects/index.html#loginfo">Deluxe Loginfo</a> 2.122 by Bernardo Innocenti <bernie@develer.com></small></p>

</body>

</html>