dotgnu-pnet-commits

[dotgnu-pnet-commits] pnet ChangeLog engine/lib_string.c


From: Klaus Treichel
Subject: [dotgnu-pnet-commits] pnet ChangeLog engine/lib_string.c
Date: Thu, 17 May 2007 09:45:03 +0000

CVSROOT:        /cvsroot/dotgnu-pnet
Module name:    pnet
Changes by:     Klaus Treichel <ktreichel>      07/05/17 09:45:03

Modified files:
        .              : ChangeLog 
        engine         : lib_string.c 

Log message:
        Fix a segfault caused by an overflow when creating a new StringBuilder.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/pnet/ChangeLog?cvsroot=dotgnu-pnet&r1=1.3454&r2=1.3455
http://cvs.savannah.gnu.org/viewcvs/pnet/engine/lib_string.c?cvsroot=dotgnu-pnet&r1=1.40&r2=1.41

Patches:
Index: ChangeLog
===================================================================
RCS file: /cvsroot/dotgnu-pnet/pnet/ChangeLog,v
retrieving revision 1.3454
retrieving revision 1.3455
diff -u -b -r1.3454 -r1.3455
--- ChangeLog   10 May 2007 18:28:58 -0000      1.3454
+++ ChangeLog   17 May 2007 09:45:02 -0000      1.3455
@@ -1,3 +1,9 @@
+2007-05-17  Klaus Treichel  <address@hidden>
+
+       * engine/lib_string.c: Check the new string builder capacity prior to
+       allocating the new StringBuilder to fix a not detected overflow when
+       the real memory size is computed in IL_String_NewBuilder.
+
 2007-05-10  Klaus Treichel  <address@hidden>
 
        * support/dynlib.c: Fix ILDynLibraryGetSymbol for FreeBSD. Resolving a 

Index: engine/lib_string.c
===================================================================
RCS file: /cvsroot/dotgnu-pnet/pnet/engine/lib_string.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -b -r1.40 -r1.41
--- engine/lib_string.c 17 Dec 2006 10:31:32 -0000      1.40
+++ engine/lib_string.c 17 May 2007 09:45:03 -0000      1.41
@@ -662,6 +662,12 @@
        {
                roundLen = length;
        }
+       /* Check if we have an overflow */
+       if((roundLen < 0) || (roundLen > ((IL_MAX_INT32 >> 1) - 
sizeof(System_String))))
+       {
+               ILExecThreadThrowOutOfMemory(thread);
+               return 0;
+       }
        roundLen = ((length + 7) & ~7); /* Round to a multiple of 8 */
        str = (System_String *)_ILEngineAllocAtomic(thread,
                                                                                
                thread->process->stringClass,
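
Review bot: The new bound is tested on roundLen, but the unchanged line directly after the added block, `roundLen = ((length + 7) & ~7);`, recomputes roundLen from length, so the value that was validated is overwritten before the allocation call. In the branch shown above the check, roundLen equals length, but the other branch is not visible here; if it sets roundLen to something else, length itself is never bounded and `length + 7` can still wrap. Either apply the check to length (or to the rounded result), or round roundLen instead of length. Two smaller points on the condition: the right-hand side involves `sizeof(System_String)`, so the comparison is done in an unsigned type and is only correct because `roundLen < 0` short-circuits first; an explicit cast of the sizeof term would keep it correct if the tests are ever reordered. The comment `/* Check if we have an overflow */` should also say why the limit is `(IL_MAX_INT32 >> 1)` minus the header size, since that derivation is not obvious from the code.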



