Opened on 07/14/04 at 13:25:27

Closed on 07/14/04 at 20:06:14

Last modified on 12/03/06 at 13:31:13

#650 closed defect (fixed)

message initialize buffer size wrap not detected

Reported by: Joel Sherrill Owned by: Joel Sherrill
Priority: normal Milestone: 2
Component: score Version: 4.6
Severity: major Keywords:
Cc: bugs@… Blocked By:
Blocking:

Description

When the message size is large enough to be close to wrapping, adding the overhead to it can result in undetected wrapping. Similarly, if the number of messages multiplied by the size of each message buffer wraps, this is also undetected. Either condition results in an insufficiently small message buffer pool which may lead to an invalid memory access.

Release:
4.6 and CVS

Environment:
All

Attachments (1)

pr650.diff (1.6 KB) - added by Joel Sherrill on 12/03/06 at 13:31:13.
pr650.diff

Download all attachments as: .zip

Change History (2)

comment:1 Changed on 07/14/04 at 20:06:14 by Joel Sherrill

Status: assignedclosed

State-Changed-From-To: open->closed
State-Changed-Why: Attached patch was committed.

2004-07-14 Joel Sherrill <joel@…>

PR 650/rtems

  • score/src/coremsg.c: Check for mathemathical overflow

when calculating amount of memory to allocate for message
buffers.

Changed on 12/03/06 at 13:31:13 by Joel Sherrill

Attachment: pr650.diff added

pr650.diff

Note: See TracTickets for help on using tickets.