Message-ID: <3EA53070.C7CA36D7@yahoo.com>
Date: Tue, 22 Apr 2003 08:07:12 -0400
From: CBFalconer
Organization: Ched Research
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: djgpp-workers AT delorie DOT com
Subject: Re: nmalloc revisited
References: <10304211942 DOT AA12379 AT clio DOT rice DOT edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Reply-To: djgpp-workers AT delorie DOT com

Charles Sandmann wrote:
>
... snip ...
>
>   /* Refuse ridiculously large requests right away.  Anything beyond
>      2GB will be treated by sbrk as a negative request, i.e. as a
>      request to _decrease_ the heap size.  */
>   if (size > 0x7fffffffU - 0x10000U) /* sbrk rounds up to 64KB */
>   {
>     if (__libc_malloc_fail_hook)
>       __libc_malloc_fail_hook(size);
>     return 0;
>   }
>
> sbrk() takes a signed integer - so you must make sure you don't
> pass it anything too big.  If someone passes a request to malloc
> for something huge, and you pass it to sbrk() - problems.  It
> appears to succeed, but instead has just decreased the memory
> available (bad corruption).
>
... snip ...
>
> http://www.delorie.com/bin/cvsweb.cgi/djgpp/src/libc/ansi/stdlib/malloc.c

Took a look there, and AFAICT the large sbrk is the only thing
missing.  Fixed.  This means that NOTHING can create an object
larger than that (INT_MAX - safety) value, since they obviously
won't fit on the stack.

-- 
Chuck F (cbfalconer AT yahoo DOT com) (cbfalconer AT worldnet DOT att DOT net)
   Available for consulting/temporary embedded and systems.
   USE worldnet address!
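
The failure mode described in the quoted text, as an added example that is not part of the original message or of DJGPP's malloc.c: a toy break offset stands in for the heap, and `toy_sbrk`, `grow_unguarded`, `grow_guarded` and the request value are hypothetical names and constructed data. It assumes a 32-bit `int` (modelled with `int32_t`) and two's-complement conversion, as on gcc and clang.

```c
/* Added illustration only; none of these names come from DJGPP. */
#include <stdint.h>
#include <stdio.h>

#define ARENA_SIZE (1L << 20)      /* constructed 1 MB toy heap */
static long toy_brk = 4096;        /* current break, as an offset into the arena */

/* Mimics sbrk(): signed increment, returns the old break or -1 on failure. */
static long toy_sbrk(int32_t incr)
{
    long old = toy_brk;
    long next = old + incr;
    if (next < 0 || next > ARENA_SIZE)
        return -1;
    toy_brk = next;
    return old;
}

/* Unguarded: the unsigned size is converted to the signed parameter type,
   so a huge request turns into a negative increment. */
long grow_unguarded(uint32_t size)
{
    return toy_sbrk((int32_t)size);
}

/* Guarded: the same comparison as the quoted malloc.c fragment. */
long grow_guarded(uint32_t size)
{
    if (size > 0x7fffffffU - 0x10000U)   /* sbrk rounds up to 64KB */
        return -1;
    return toy_sbrk((int32_t)size);
}

long current_break(void) { return toy_brk; }
void reset_break(void)   { toy_brk = 4096; }

int main(void)
{
    uint32_t huge = 0xFFFFF800U;   /* constructed request: -2048 as int32_t */
    long r = grow_unguarded(huge);
    printf("unguarded: returned %ld, break now %ld\n", r, current_break());
    reset_break();
    r = grow_guarded(huge);
    printf("guarded:   returned %ld, break now %ld\n", r, current_break());
    return 0;
}
```

The unguarded call returns a valid-looking old break while the break itself moves down, which is the "appears to succeed" case; the guarded call fails and leaves the break where it was.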