change log for rtems (2011-07-08)

Fri Jul 8 17:10:12 UTC 2011

*joel*:
2011-07-08	Joel Sherrill <joel.sherrill at oarcorp.com>

	* score/src/coremsg.c: Use 64-bit intermediate result on multiply to
	reliably detect overflow.

M 1.2869  cpukit/ChangeLog
M   1.30  cpukit/score/src/coremsg.c

diff -u rtems/cpukit/ChangeLog:1.2868 rtems/cpukit/ChangeLog:1.2869

--- rtems/cpukit/ChangeLog:1.2868	Thu Jul  7 17:14:59 2011
+++ rtems/cpukit/ChangeLog	Fri Jul  8 11:50:53 2011
@@ -1,3 +1,8 @@
+2011-07-08	Joel Sherrill <joel.sherrill at oarcorp.com>
+
+	* score/src/coremsg.c: Use 64-bit intermediate result on multiply to
+	reliably detect overflow.
+
 2011-07-07	Joel Sherrill <joel.sherrill at oarcorp.com>
 
 	* libblock/src/nvdisk-sram.c, libi2c/libi2c.c,

diff -u rtems/cpukit/score/src/coremsg.c:1.29 rtems/cpukit/score/src/coremsg.c:1.30
--- rtems/cpukit/score/src/coremsg.c:1.29	Sun Nov 29 07:51:52 2009
+++ rtems/cpukit/score/src/coremsg.c	Fri Jul  8 11:50:53 2011
@@ -31,6 +31,27 @@
 #include <rtems/score/wkspace.h>
 
 /*
+ *  size_t_mult32_with_overflow
+ *
+ *  This method multiplies two size_t 32-bit numbers and checks
+ *  for overflow.  It returns false if an overflow occurred and
+ *  the result is bad.
+ */
+static inline bool size_t_mult32_with_overflow(
+  size_t  a,
+  size_t  b,
+  size_t *c
+)
+{
+  long long x = (long long)a*b;
+
+  if ( x > SIZE_MAX )
+    return false;
+  *c = (size_t) x;
+  return true;
+}
+
+/*
  *  _CORE_message_queue_Initialize
  *
  *  This routine initializes a newly created message queue based on the
@@ -55,7 +76,7 @@
   size_t                         maximum_message_size
 )
 {
-  size_t message_buffering_required;
+  size_t message_buffering_required = 0;
   size_t allocated_message_size;
 
   the_message_queue->maximum_pending_messages   = maximum_pending_messages;
@@ -80,10 +101,10 @@
    *  Calculate how much total memory is required for message buffering and
    *  check for overflow on the multiplication.
    */
-  message_buffering_required = (size_t) maximum_pending_messages *
-       (allocated_message_size + sizeof(CORE_message_queue_Buffer_control));
-
-  if (message_buffering_required < allocated_message_size)
+  if ( !size_t_mult32_with_overflow(
+        (size_t) maximum_pending_messages,
+        allocated_message_size + sizeof(CORE_message_queue_Buffer_control),
+        &message_buffering_required ) ) 
     return false;
 
   /*


 *joel*:
2011-07-08	Joel Sherrill <joel.sherrill at oarcorp.com>

	* sp09/screen07.c, sp09/sp09.scn: Add a case where the multiply of
	number of buffers times buffer size exceeds that representable by
	size_t.

M  1.460  testsuites/sptests/ChangeLog
M   1.25  testsuites/sptests/sp09/screen07.c
M   1.30  testsuites/sptests/sp09/sp09.scn

diff -u rtems/testsuites/sptests/ChangeLog:1.459 rtems/testsuites/sptests/ChangeLog:1.460
--- rtems/testsuites/sptests/ChangeLog:1.459	Mon Jun 20 02:04:50 2011
+++ rtems/testsuites/sptests/ChangeLog	Fri Jul  8 11:51:35 2011
@@ -1,3 +1,9 @@
+2011-07-08	Joel Sherrill <joel.sherrill at oarcorp.com>
+
+	* sp09/screen07.c, sp09/sp09.scn: Add a case where the multiply of
+	number of buffers times buffer size exceeds that representable by
+	size_t.
+
 2011-06-20	Ralf Corsépius <ralf.corsepius at rtems.org>
 
 	* sp66/init.c: Remove (unused).

diff -u rtems/testsuites/sptests/sp09/screen07.c:1.24 rtems/testsuites/sptests/sp09/screen07.c:1.25
--- rtems/testsuites/sptests/sp09/screen07.c:1.24	Fri Mar 11 14:26:59 2011
+++ rtems/testsuites/sptests/sp09/screen07.c	Fri Jul  8 11:51:35 2011
@@ -135,6 +135,21 @@
   );
   puts( "TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED" );
 
+  /* too large a request for messages */
+  status = rtems_message_queue_create(
+    Queue_name[ 1 ],
+    INT_MAX,
+    INT_MAX,
+    RTEMS_DEFAULT_ATTRIBUTES,
+    &Queue_id[ 1 ]
+  );
+  fatal_directive_status(
+    status,
+    RTEMS_UNSATISFIED,
+    "rtems_message_queue_create unsatisfied"
+  );
+  puts( "TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED #2" );
+
   status = rtems_message_queue_create(
     Queue_name[ 1 ],
     2,

diff -u rtems/testsuites/sptests/sp09/sp09.scn:1.29 rtems/testsuites/sptests/sp09/sp09.scn:1.30
--- rtems/testsuites/sptests/sp09/sp09.scn:1.29	Sat Jun 11 11:42:05 2011
+++ rtems/testsuites/sptests/sp09/sp09.scn	Fri Jul  8 11:51:35 2011
@@ -126,6 +126,7 @@
 TA1 - rtems_message_queue_create - Q 1 - RTEMS_INVALID_NAME
 TA1 - rtems_message_queue_create - Q 1 - RTEMS_MP_NOT_CONFIGURED
 TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED
+TA1 - rtems_message_queue_create - Q 2 - RTEMS_UNSATISFIED #2
 TA1 - rtems_message_queue_create - Q 1 - 2 DEEP - RTEMS_SUCCESSFUL
 TA1 - rtems_message_queue_create - Q 2 - RTEMS_TOO_MANY
 TA1 - rtems_message_queue_delete - unknown RTEMS_INVALID_ID



--

Generated by Deluxe Loginfo [http://www.codewiz.org/projects/index.html#loginfo] 2.122 by Bernardo Innocenti <bernie at develer.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/vc/attachments/20110708/a465a074/attachment.html>
