Message-ID:	<3EA53070.C7CA36D7@yahoo.com>
Date:	Tue, 22 Apr 2003 08:07:12 -0400
From:	CBFalconer <cbfalconer AT yahoo DOT com>
Organization:	Ched Research
X-Mailer:	Mozilla 4.75 [en] (Win98; U)
X-Accept-Language:	en
MIME-Version:	1.0
To:	djgpp-workers AT delorie DOT com
Subject:	Re: nmalloc revisited
References:	<10304211942 DOT AA12379 AT clio DOT rice DOT edu>
Reply-To:	djgpp-workers AT delorie DOT com

Charles Sandmann wrote:
> 
... snip ...
> 
>   /* Refuse ridiculously large requests right away.  Anything beyond
>      2GB will be treated by sbrk as a negative request, i.e. as a
>      request to _decrease_ the heap size.  */
>   if (size > 0x7fffffffU - 0x10000U) /* sbrk rounds up to 64KB */
>   {
>     if (__libc_malloc_fail_hook)
>       __libc_malloc_fail_hook(size);
>     return 0;
>   }
> 
> sbrk() takes a signed integer - so you must make sure you don't
> pass it anything too big.  If someone passes a request to malloc
> for something huge, and you pass it to sbrk() - problems.  It
> appears to succeed, but instead has just decreased the memory
> available (bad corruption).
> 
... snip ...
> 
> http://www.delorie.com/bin/cvsweb.cgi/djgpp/src/libc/ansi/stdlib/malloc.c

Took a look there, and AFAICT the large sbrk is the only thing
missing. Fixed. This means that NOTHING can create an object
larger than that (INT_MAX - safety) value, since they obviously
won't fit on the stack.

-- 
Chuck F (cbfalconer AT yahoo DOT com) (cbfalconer AT worldnet DOT att DOT net)
   Available for consulting/temporary embedded and systems.
   <http://cbfalconer.home.att.net>  USE worldnet address!

- Raw text -