diff options
| author | bde <bde@FreeBSD.org> | 1996-06-25 18:54:42 +0000 |
|---|---|---|
| committer | bde <bde@FreeBSD.org> | 1996-06-25 18:54:42 +0000 |
| commit | f5443edf10bfced5e4a0f43bf4ddd181b063a7aa (patch) | |
| tree | 4674adce6c2f1f940a9a7194f0e7d3d2cb2e26cd | |
| parent | c79c2d405d9a08b4ad2ac1827b60d5f99caac653 (diff) | |
| download | FreeBSD-src-f5443edf10bfced5e4a0f43bf4ddd181b063a7aa.zip FreeBSD-src-f5443edf10bfced5e4a0f43bf4ddd181b063a7aa.tar.gz | |
Fixed comparisons so that preposterously large (>= 0x80000000) brk values
aren't silently converted to minbrk. This stops malloc(INT_MAX) from
dumping core. Small values are still silently converted. They should
be an error. sbrk() doesn't do any range checking or conversions or
overflow checking.
Moved PIC_EPILOGUE invocation to a more natural place where it
obviously doesn't interfere with the comparison.
| -rw-r--r-- | lib/libc/amd64/sys/brk.S | 10 | ||||
| -rw-r--r-- | lib/libc/i386/sys/brk.S | 10 |
2 files changed, 10 insertions, 10 deletions
diff --git a/lib/libc/amd64/sys/brk.S b/lib/libc/amd64/sys/brk.S index 1636858..2ae87fa 100644 --- a/lib/libc/amd64/sys/brk.S +++ b/lib/libc/amd64/sys/brk.S @@ -33,12 +33,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: brk.S,v 1.2 1995/01/23 01:29:39 davidg Exp $ + * $Id: brk.S,v 1.3 1996/05/05 07:56:10 peter Exp $ */ #if defined(SYSLIBC_RCS) && !defined(lint) .text - .asciz "$Id: brk.S,v 1.2 1995/01/23 01:29:39 davidg Exp $" + .asciz "$Id: brk.S,v 1.3 1996/05/05 07:56:10 peter Exp $" #endif /* SYSLIBC_RCS and not lint */ #include "SYS.h" @@ -54,9 +54,9 @@ ENTRY(brk) PIC_PROLOGUE movl PIC_GOT(HIDENAME(curbrk)),%edx # set up GOT addressing movl PIC_GOT(HIDENAME(minbrk)),%ecx # - cmpl %eax,(%ecx) PIC_EPILOGUE - jl ok + cmpl %eax,(%ecx) + jbe ok movl (%ecx),%eax movl %eax,4(%esp) ok: @@ -75,7 +75,7 @@ err: movl 4(%esp),%eax cmpl %eax,HIDENAME(minbrk) - jl ok + jbe ok movl HIDENAME(minbrk),%eax movl %eax,4(%esp) ok: diff --git a/lib/libc/i386/sys/brk.S b/lib/libc/i386/sys/brk.S index 1636858..2ae87fa 100644 --- a/lib/libc/i386/sys/brk.S +++ b/lib/libc/i386/sys/brk.S @@ -33,12 +33,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: brk.S,v 1.2 1995/01/23 01:29:39 davidg Exp $ + * $Id: brk.S,v 1.3 1996/05/05 07:56:10 peter Exp $ */ #if defined(SYSLIBC_RCS) && !defined(lint) .text - .asciz "$Id: brk.S,v 1.2 1995/01/23 01:29:39 davidg Exp $" + .asciz "$Id: brk.S,v 1.3 1996/05/05 07:56:10 peter Exp $" #endif /* SYSLIBC_RCS and not lint */ #include "SYS.h" @@ -54,9 +54,9 @@ ENTRY(brk) PIC_PROLOGUE movl PIC_GOT(HIDENAME(curbrk)),%edx # set up GOT addressing movl PIC_GOT(HIDENAME(minbrk)),%ecx # - cmpl %eax,(%ecx) PIC_EPILOGUE - jl ok + cmpl %eax,(%ecx) + jbe ok movl (%ecx),%eax movl %eax,4(%esp) ok: @@ -75,7 +75,7 @@ err: movl 4(%esp),%eax cmpl %eax,HIDENAME(minbrk) - jl ok + jbe ok movl HIDENAME(minbrk),%eax movl %eax,4(%esp) ok: |
