Mail Archives: djgpp/1998/02/18/06:30:24

From: Martin DOT Stromberg AT lu DOT erisoft DOT se (Martin Stromberg)
Newsgroups: comp.os.msdos.djgpp
Subject: Re: gdb crashing: found a bug in dbgcom.c
Date: 18 Feb 1998 10:40:24 GMT
Organization: Ericsson Erisoft AB, Sweden
Lines: 35
Message-ID: <6cedqo$fjk$1@antares.lu.erisoft.se>
References: <199802171519 DOT HAA06898 AT sirius DOT cs DOT pdx DOT edu>
NNTP-Posting-Host: juno.lu.erisoft.se
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp

Ian D Romanick (idr AT cs DOT pdx DOT edu) wrote:
: > --- dbgcom.c	Tue Aug 13 00:08:04 1996
: > +++ /tmp/djlib.new/dbgcom.c	Tue Feb 17 02:40:12 1998
: > @@ -553,7 +553,7 @@
: >  
: >    unsigned limit;
: >    limit = __dpmi_get_segment_limit(__djgpp_app_DS);
: > -  if(a >= 4096 && (a+len-1) <= limit)
: > +  if(a >= 4096 && a <= limit && (a+len-1) <= limit)
: >      return 0;
: >  /*  printf("Invalid access to child, address %#x length %#x  limit: %#x\n", a, len, limit);
: >    if (can_longjmp)
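Review bot: the added `a <= limit` term in `if(a >= 4096 && a <= limit && (a+len-1) <= limit)` still lets `a+len-1` wrap in 32-bit unsigned arithmetic when `len` is large (or when `limit` is `0xffffffff` and the range touches the top of the address space), so a wrapped sum can pass `(a+len-1) <= limit` even though `a <= limit` holds. Consider writing the length test so it cannot overflow, e.g. `if(len != 0 && a >= 4096 && a <= limit && len - 1 <= limit - a)`, where `limit - a` is safe because `a <= limit` was just checked; a short comment explaining the `4096` lower bound would also help the next reader.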
:
: I think that this patch is not quite right.  What if 'a' is 'limit-2' and
: 'len' is 4?  You will have the same problem.  I think that changing the
: expression to the following would be better.
:
:     if ( (a >= 4096) && (a < (limit - len)) )

Well, yes and no:
No, because, according to the third comparison,
a+len-1 = limit-2+4-1 = limit+1 > limit, if limit != 0xffffffff
                                < limit, if limit == 0xffffffff.
But if limit == 0xffffffff then we have access to the whole memory, I 
think.

Yes, because it's smaller and more easily read and computed, and because
of the a >= 4096 part. What is that for? Are we never allowed to look at 
memory addresses < 4096? Why? Anyway, if it's so, then the first patch
was wrong.


LoL,

							MartinS
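To make the cases argued in this thread concrete, here is an added example (my own code, not the DJGPP dbgcom.c source) with the original check, the posted patch, Ian's proposed expression and an overflow-safe variant, all in 32-bit unsigned arithmetic as in the real code; the function names and the sample values are mine.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* All four checks use uint32_t so that a+len-1 and limit-len wrap
   exactly as 'unsigned' does on DJGPP (32-bit). */

/* original dbgcom.c test */
bool range_ok_orig(uint32_t a, uint32_t len, uint32_t limit) {
    return a >= 4096 && (a + len - 1) <= limit;
}

/* the patch posted in the thread */
bool range_ok_patch(uint32_t a, uint32_t len, uint32_t limit) {
    return a >= 4096 && a <= limit && (a + len - 1) <= limit;
}

/* Ian's proposal: note limit - len wraps when len > limit */
bool range_ok_ian(uint32_t a, uint32_t len, uint32_t limit) {
    return a >= 4096 && a < (limit - len);
}

/* overflow-safe form (my variant): a <= limit is tested first, so
   limit - a cannot wrap; len - 1 <= limit - a is a+len-1 <= limit
   rewritten without the addition.  Zero-length accesses are rejected. */
bool range_ok_safe(uint32_t a, uint32_t len, uint32_t limit) {
    return len != 0 && a >= 4096 && a <= limit && (len - 1) <= (limit - a);
}

static void show(const char *what, uint32_t a, uint32_t len, uint32_t limit) {
    printf("%-28s orig=%d patch=%d ian=%d safe=%d\n", what,
           range_ok_orig(a, len, limit), range_ok_patch(a, len, limit),
           range_ok_ian(a, len, limit), range_ok_safe(a, len, limit));
}

int main(void) {
    /* constructed sample inputs */
    show("valid range",          0x10000,        0x100,       0x100000);
    show("a=limit-2,len=4",      0x100000 - 2,   4,           0x100000);
    show("same, limit=ffffffff", 0xfffffffdu,    4,           0xffffffffu);
    show("huge len wraps sum",   0x10000,        0xffffffffu, 0x100000);
    show("ends exactly at limit",0x100000 - 3,   4,           0x100000);
    return 0;
}
```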
