Mail Archives: djgpp/1998/02/19/23:32:34
Martin Stromberg (Martin DOT Stromberg AT lu DOT erisoft DOT se) wrote:
: Ian D Romanick (idr AT cs DOT pdx DOT edu) wrote:
: : I think that this patch is not quite right. What if 'a' is 'limit-2' and
: : 'len' is 4? You will have the same problem. I think that changing the
: : expression to the following would be better.
: :
: : if ( (a >= 4096) && (a < (limit - len)) )
: Well, yes and no:
: No, because, according to the third comparison,
: a+len-1 = limit-2+4-1 = limit+1 > limit, if limit != 0xffffffff
: < limit, if limit == 0xffffffff.
: But if limit == 0xffffffff then we have access to the whole memory, I
: think.
: Yes, because it's smaller and more easily read and computed, and because
: of the a >= 4096 part. What is that for? Are we never allowed to look at
: memory addresses < 4096? Why? Anyway, if it's so, then the first patch
: was wrong.
I tried your suggestion. Guess what? gdb crashed...
Examining the crash, I found out that if limit == 0 < len, then your
suggestion doesn't work. Here's the latest suggested patch. With this
I consider this bug squashed.
MartinS
*** src/debug/common/dbgcom.c Wed Feb 18 22:19:04 1998
--- src/debug/common/dbgcom.org Tue Aug 13 00:08:04 1996
***************
*** 553,562 ****
unsigned limit;
limit = __dpmi_get_segment_limit(__djgpp_app_DS);
! if(4096 <= a /* First page is used for NULL pointer detection. */
! && a <= limit /* To guard against limit < len. */
! && a - 1 <= limit - len /* To guard against limit <= a + len - 1. */
! )
return 0;
/* printf("Invalid access to child, address %#x length %#x limit: %#x\n", a, len, limit);
if (can_longjmp)
--- 553,559 ----
unsigned limit;
limit = __dpmi_get_segment_limit(__djgpp_app_DS);
! if(a >= 4096 && (a+len-1) <= limit)
return 0;
/* printf("Invalid access to child, address %#x length %#x limit: %#x\n", a, len, limit);
if (can_longjmp)
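Review bot: the third comparison `a - 1 <= limit - len` still wraps when `limit < len`, and the preceding `a <= limit` (commented as the guard against exactly that) does not prevent it: `a` can sit at or below `limit` while `len` exceeds `limit`, e.g. `limit` 5000, `a` 4096, `len` 10000 passes all three tests although the access runs well past the limit. Since `a <= limit` already holds at that point, `limit - a` cannot wrap, so writing the last test as `len <= limit - a + 1` expresses `a + len - 1 <= limit` without overflow (the `+ 1` cannot wrap either, because `a >= 4096`). Separately, the headers give `dbgcom.c` (Feb 18 1998) as the `***` file and `dbgcom.org` (Aug 1996) as the `---` file, so the hunk is written new-to-old; feeding it to patch would revert the fix rather than install it.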
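To make the three checks from this thread concrete, here is an added example (not dbgcom.c's code, nor anything posted in the thread) that runs them, plus a wrap-free alternative, over the cases raised above in 32-bit unsigned arithmetic and compares each against a 64-bit reference; `safe_ok`, `reference_ok`, `count_mismatches` and the case table are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
/* Added example, not dbgcom.c's or the thread's own code: the range checks
 * discussed in the thread, run in 32-bit unsigned arithmetic as in dbgcom.c. */
typedef int (*check_fn)(uint32_t a, uint32_t len, uint32_t limit);
/* Original dbgcom.c test: a + len - 1 wraps for addresses near 4 GB. */
static int original_ok(uint32_t a, uint32_t len, uint32_t limit) {
    return a >= 4096 && a + len - 1 <= limit;
}
/* Ian's shorter form: limit - len wraps when limit < len (the gdb crash). */
static int proposed_ok(uint32_t a, uint32_t len, uint32_t limit) {
    return a >= 4096 && a < limit - len;
}
/* Martin's patch: a <= limit does not stop limit - len wrapping if limit < len. */
static int patch_ok(uint32_t a, uint32_t len, uint32_t limit) {
    return a >= 4096 && a <= limit && a - 1 <= limit - len;
}
/* Wrap-free form (this example's suggestion): once a <= limit holds,
 * limit - a cannot wrap, and a >= 4096 keeps limit - a + 1 below 2^32. */
static int safe_ok(uint32_t a, uint32_t len, uint32_t limit) {
    return a >= 4096 && a <= limit && len > 0 && len <= limit - a + 1;
}
/* 64-bit reference: [a, a + len - 1] lies inside [4096, limit]. */
static int reference_ok(uint32_t a, uint32_t len, uint32_t limit) {
    return a >= 4096 && len > 0 && (uint64_t)a + len - 1 <= limit;
}
/* Constructed cases: those raised in the thread plus two wrap-around ones. */
static const struct { uint32_t a, len, limit; } cases[] = {
    { 0xFFFE, 4, 0x10000 },             /* Ian: a = limit - 2, len = 4 */
    { 4096, 4, 0 },                     /* Martin: limit == 0 < len */
    { 0xFFFFFFFE, 2, 0xFFFFFFFF },      /* access ending at limit == 0xffffffff */
    { 4096, 10000, 5000 },              /* a <= limit < len */
    { 100, 4, 0x10000 },                /* inside the NULL-detection page */
    { 0xFFFFF000, 0x2000, 0xFFFFFFFF }, /* a + len - 1 wraps past 4 GB */
    { 4096, 1, 4096 },                  /* one byte exactly at the limit */
};
/* Number of cases on which check disagrees with the 64-bit reference. */
int count_mismatches(check_fn check) {
    int bad = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (check(cases[i].a, cases[i].len, cases[i].limit)
            != reference_ok(cases[i].a, cases[i].len, cases[i].limit))
            bad++;
    return bad;
}
int main(void) {
    printf("mismatches: original %d, proposed %d, patch %d, safe %d\n",
           count_mismatches(original_ok), count_mismatches(proposed_ok),
           count_mismatches(patch_ok), count_mismatches(safe_ok));
    return 0;
}
```

The patch's single mismatch is the `a <= limit < len` row, where `limit - len` wraps and the access is accepted.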