[PATCH 2/3] posix: Fix sem_init() with too large initial value

[Sebastian Huber]

Close #2721.
---
 cpukit/posix/src/seminit.c          |  7 ++++++-
 testsuites/psxtests/psxsem01/init.c | 12 ++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/cpukit/posix/src/seminit.c b/cpukit/posix/src/seminit.c
index cc47312..249edf6 100644
--- a/cpukit/posix/src/seminit.c
+++ b/cpukit/posix/src/seminit.c
@@ -43,8 +43,13 @@ int sem_init(
   int                        status;
   POSIX_Semaphore_Control   *the_semaphore;
 
-  if ( !sem )
+  if ( sem == NULL ) {
     rtems_set_errno_and_return_minus_one( EINVAL );
+  }
+
+  if ( value > SEM_VALUE_MAX ) {
+    rtems_set_errno_and_return_minus_one( EINVAL );
+  }
 
   _Objects_Allocator_lock();
   status = _POSIX_Semaphore_Create_support(
diff --git a/testsuites/psxtests/psxsem01/init.c b/testsuites/psxtests/psxsem01/init.c
index 1bec5c6..023f79a 100644
--- a/testsuites/psxtests/psxsem01/init.c
+++ b/testsuites/psxtests/psxsem01/init.c
@@ -109,6 +109,17 @@ static void test_sem_post_overflow(void)
   rtems_test_assert( rv == 0 );
 }
 
+static void test_sem_init_too_large_inital_value(void)
+{
+  sem_t sem;
+  int   rv;
+
+  errno = 0;
+  rv = sem_init( &sem, 0, SEM_VALUE_MAX + 1 );
+  rtems_test_assert( rv == -1 );
+  rtems_test_assert( errno == EINVAL );
+}
+
 void *POSIX_Init(
   void *argument
 )
@@ -379,6 +390,7 @@ void *POSIX_Init(
 
   test_sem_wait_during_delete();
   test_sem_post_overflow();
+  test_sem_init_too_large_inital_value();
 
   /* Try adding in unlinking before closing... (can we still open?) */
 
-- 
1.8.4.5