From: Martin DOT Stromberg AT lu DOT erisoft DOT se (Martin Stromberg)
Newsgroups: comp.os.msdos.djgpp
Subject: Re: gdb crashing: found a bug in dbgcom.c
Date: 18 Feb 1998 10:40:24 GMT
Organization: Ericsson Erisoft AB, Sweden
Lines: 35
Message-ID: <6cedqo$fjk$1@antares.lu.erisoft.se>
References: <199802171519 DOT HAA06898 AT sirius DOT cs DOT pdx DOT edu>
NNTP-Posting-Host: juno.lu.erisoft.se
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Precedence: bulk

Ian D Romanick (idr AT cs DOT pdx DOT edu) wrote:
: > --- dbgcom.c	Tue Aug 13 00:08:04 1996
: > +++ /tmp/djlib.new/dbgcom.c	Tue Feb 17 02:40:12 1998
: > @@ -553,7 +553,7 @@
: >  
: >    unsigned limit;
: >    limit = __dpmi_get_segment_limit(__djgpp_app_DS);
: > -  if(a >= 4096 && (a+len-1) <= limit)
: > +  if(a >= 4096 && a <= limit && (a+len-1) <= limit)
: >      return 0;
: >  /*  printf("Invalid access to child, address %#x length %#x  limit: %#x\n", a, len, limit);
: >    if (can_longjmp)
:
: I think that this patch is not quite right.  What if 'a' is 'limit-2' and
: 'len' is 4?  You will have the same problem.  I think that changing the
: expression to the following would be better.
:
:     if ( (a >= 4096) && (a < (limit - len)) )

Well, yes and no:
No, because, according to the third comparison,
a+len-1 = limit-2+4-1 = limit+1 > limit, if limit != 0xffffffff
                                < limit, if limit == 0xffffffff.
But if limit == 0xffffffff then we have access to the whole memory, I 
think.

Yes, because it's smaller and more easily read and computed, and because
of the a >= 4096 part. What is that for? Are we never allowed to look at 
memory addresses < 4096? Why? Anyway, if it's so, then the first patch
was wrong.


LoL,

							MartinS