change log for rtems (2011-07-08)
rtems-vc at rtems.org
rtems-vc at rtems.org
Fri Jul 8 17:10:12 UTC 2011
*joel*:
2011-07-08 Joel Sherrill <joel.sherrill at oarcorp.com>
* score/src/coremsg.c: Use 64-bit intermediate result on multiply to
reliably detect overflow.
M 1.2869 cpukit/ChangeLog
M 1.30 cpukit/score/src/coremsg.c
diff -u rtems/cpukit/ChangeLog:1.2868 rtems/cpukit/ChangeLog:1.2869
--- rtems/cpukit/ChangeLog:1.2868 Thu Jul 7 17:14:59 2011
+++ rtems/cpukit/ChangeLog Fri Jul 8 11:50:53 2011
@@ -1,3 +1,8 @@
+2011-07-08 Joel Sherrill <joel.sherrill at oarcorp.com>
+
+ * score/src/coremsg.c: Use 64-bit intermediate result on multiply to
+ reliably detect overflow.
+
2011-07-07 Joel Sherrill <joel.sherrill at oarcorp.com>
* libblock/src/nvdisk-sram.c, libi2c/libi2c.c,
diff -u rtems/cpukit/score/src/coremsg.c:1.29 rtems/cpukit/score/src/coremsg.c:1.30
--- rtems/cpukit/score/src/coremsg.c:1.29 Sun Nov 29 07:51:52 2009
+++ rtems/cpukit/score/src/coremsg.c Fri Jul 8 11:50:53 2011
@@ -31,6 +31,27 @@
#include <rtems/score/wkspace.h>
/*
+ * size_t_mult32_with_overflow
+ *
+ * This method multiplies two size_t 32-bit numbers and checks
+ * for overflow. It returns false if an overflow occurred and
+ * the result is bad.
+ */
+static inline bool size_t_mult32_with_overflow(
+ size_t a,
+ size_t b,
+ size_t *c
+)
+{
+ long long x = (long long)a*b;
+
+ if ( x > SIZE_MAX )
+ return false;
+ *c = (size_t) x;
+ return true;
+}
+
+/*
* _CORE_message_queue_Initialize
*
* This routine initializes a newly created message queue based on the
@@ -55,7 +76,7 @@
size_t maximum_message_size
)
{
- size_t message_buffering_required;
+ size_t message_buffering_required = 0;
size_t allocated_message_size;
the_message_queue->maximum_pending_messages = maximum_pending_messages;
@@ -80,10 +101,10 @@
* Calculate how much total memory is required for message buffering and
* check for overflow on the multiplication.
*/
- message_buffering_required = (size_t) maximum_pending_messages *
- (allocated_message_size + sizeof(CORE_message_queue_Buffer_control));
-
- if (message_buffering_required < allocated_message_size)
+ if ( !size_t_mult32_with_overflow(
+ (size_t) maximum_pending_messages,
+ allocated_message_size + sizeof(CORE_message_queue_Buffer_control),
+ &message_buffering_required ) )
return false;
/*
*joel*:
2011-07-08 Joel Sherrill <joel.sherrill at oarcorp.com>
* sp09/screen07.c, sp09/sp09.scn: Add a case where the multiply of
number of buffers times buffer size exceeds that representable by
size_t.
M 1.460 testsuites/sptests/ChangeLog
M 1.25 testsuites/sptests/sp09/screen07.c
M 1.30 testsuites/sptests/sp09/sp09.scn
diff -u rtems/testsuites/sptests/ChangeLog:1.459 rtems/testsuites/sptests/ChangeLog:1.460
--- rtems/testsuites/sptests/ChangeLog:1.459 Mon Jun 20 02:04:50 2011
+++ rtems/testsuites/sptests/ChangeLog Fri Jul 8 11:51:35 2011
@@ -1,3 +1,9 @@
+2011-07-08 Joel Sherrill <joel.sherrill at oarcorp.com>
+
+ * sp09/screen07.c, sp09/sp09.scn: Add a case where the multiply of
+ number of buffers times buffer size exceeds that representable by
+ size_t.
+
2011-06-20 Ralf Corsépius <ralf.corsepius at rtems.org>
* sp66/init.c: Remove (unused).
diff -u rtems/testsuites/sptests/sp09/screen07.c:1.24 rtems/testsuites/sptests/sp09/screen07.c:1.25
--- rtems/testsuites/sptests/sp09/screen07.c:1.24 Fri Mar 11 14:26:59 2011
+++ rtems/testsuites/sptests/sp09/screen07.c Fri Jul 8 11:51:35 2011
@@ -135,6 +135,21 @@
);
puts( "TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED" );
+ /* too large a request for messages */
+ status = rtems_message_queue_create(
+ Queue_name[ 1 ],
+ INT_MAX,
+ INT_MAX,
+ RTEMS_DEFAULT_ATTRIBUTES,
+ &Queue_id[ 1 ]
+ );
+ fatal_directive_status(
+ status,
+ RTEMS_UNSATISFIED,
+ "rtems_message_queue_create unsatisfied"
+ );
+ puts( "TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED #2" );
+
status = rtems_message_queue_create(
Queue_name[ 1 ],
2,
diff -u rtems/testsuites/sptests/sp09/sp09.scn:1.29 rtems/testsuites/sptests/sp09/sp09.scn:1.30
--- rtems/testsuites/sptests/sp09/sp09.scn:1.29 Sat Jun 11 11:42:05 2011
+++ rtems/testsuites/sptests/sp09/sp09.scn Fri Jul 8 11:51:35 2011
@@ -126,6 +126,7 @@
TA1 - rtems_message_queue_create - Q 1 - RTEMS_INVALID_NAME
TA1 - rtems_message_queue_create - Q 1 - RTEMS_MP_NOT_CONFIGURED
TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED
+TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED #2
TA1 - rtems_message_queue_create - Q 1 - 2 DEEP - RTEMS_SUCCESSFUL
TA1 - rtems_message_queue_create - Q 2 - RTEMS_TOO_MANY
TA1 - rtems_message_queue_delete - unknown RTEMS_INVALID_ID
--
Generated by Deluxe Loginfo [http://www.codewiz.org/projects/index.html#loginfo] 2.122 by Bernardo Innocenti <bernie at develer.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/vc/attachments/20110708/a465a074/attachment.html>
More information about the vc
mailing list