From: Martin DOT Stromberg AT lu DOT erisoft DOT se (Martin Stromberg)
Newsgroups: comp.os.msdos.djgpp
Subject: Re: gdb crashing: found a bug in dbgcom.c
Date: 19 Feb 1998 13:31:09 GMT
Organization: Ericsson Erisoft AB, Sweden
Lines: 52
Message-ID: <6chc6t$nou$1@antares.lu.erisoft.se>
References: <199802171519 DOT HAA06898 AT sirius DOT cs DOT pdx DOT edu> <6cedqo$fjk$1 AT antares DOT lu DOT erisoft DOT se>
NNTP-Posting-Host: juno.lu.erisoft.se
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Precedence: bulk

Martin Stromberg (Martin DOT Stromberg AT lu DOT erisoft DOT se) wrote:
: Ian D Romanick (idr AT cs DOT pdx DOT edu) wrote:
: : I think that this patch is not quite right. What if 'a' is 'limit-2' and
: : 'len' is 4? You will have the same problem. I think that changing the
: : expression to the following would be better.
: :
: : if ( (a >= 4096) && (a < (limit - len)) )

: Well, yes and no:

: No, because, according to the third comparison,
: a+len-1 = limit-2+4-1 = limit+1 > limit, if limit != 0xffffffff
:                                  < limit, if limit == 0xffffffff.

: But if limit == 0xffffffff then we have access to the whole memory, I
: think.

: Yes, because it's smaller and more easily read and computed, and because
: of the a >= 4096 part. What is that for? Are we never allowed to look at
: memory addresses < 4096? Why? Anyway, if it's so, then the first patch
: was wrong.

I tried your suggestion. Guess what? gdb crashed...

Examining the crash, I found out that if limit == 0 < len, then your
suggestion doesn't work.

Here's the latest suggested patch. With this I consider this bug
squashed.

MartinS

*** src/debug/common/dbgcom.c Wed Feb 18 22:19:04 1998 --- src/debug/common/dbgcom.org Tue Aug 13 00:08:04 1996 *************** *** 553,562 **** unsigned limit; limit = __dpmi_get_segment_limit(__djgpp_app_DS); ! if(4096 <= a /* First page is used for NULL pointer detection. */ ! && a <= limit /* To guard against limit < len. */ !
&& a - 1 <= limit - len /* To guard against limit <= a + len - 1. */ ! ) return 0; /* printf("Invalid access to child, address %#x length %#x limit: %#x\n", a, len, limit); if (can_longjmp) --- 553,559 ---- unsigned limit; limit = __dpmi_get_segment_limit(__djgpp_app_DS); ! if(a >= 4096 && (a+len-1) <= limit) return 0; /* printf("Invalid access to child, address %#x length %#x limit: %#x\n", a, len, limit); if (can_longjmp)
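Review bot: the third comparison `a - 1 <= limit - len` still underflows whenever `len > limit`, and the new `a <= limit` guard does not prevent that case: with limit = 0x1fff, a = 0x1000 and len = 0x3000, `limit - len` wraps to 0xffffefff, so `a - 1 <= limit - len` holds and the access is accepted although `a + len - 1` = 0x3fff is beyond the limit. Since `4096 <= a && a <= limit` already guarantees that `limit - a + 1` cannot wrap, the test can be written without any wrapping subtraction as `if (4096 <= a && a <= limit && len <= limit - a + 1)`, which is exactly `a + len - 1 <= limit` for every len >= 1 and keeps the limit == 0 case rejected. Separately, the header lists dbgcom.c (Feb 18 1998) as the old file and dbgcom.org (Aug 13 1996) as the new one, so the diff is reversed: feeding it to `patch` as posted would restore the original one-line test, and whoever merges it needs `patch -R` or a diff regenerated with the file arguments swapped.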
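To make the wraparound cases discussed in this thread concrete, the following is an added example and not code from dbgcom.c or from either poster: it evaluates the original one-line test, Ian's suggestion and Martin's patched test side by side on 32-bit unsigned values, against a 64-bit reference where nothing can wrap, and adds a fourth form (`check_safe`, an assumption of this example rather than the DJGPP fix) that avoids every wrapping subtraction. The function names, the `range_case` table and the sample inputs are constructed for the example; the 4096 first-page guard and the meaning of `limit` as the value returned by `__dpmi_get_segment_limit()` come from the patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from dbgcom.c.  a = child address, len = access
 * length, limit = segment limit (highest valid offset), all 32-bit unsigned
 * as in dbgcom.c, so the wraparound behaviour reproduces exactly. */

typedef bool (*range_check)(uint32_t a, uint32_t len, uint32_t limit);

/* Original dbgcom.c test: a + len - 1 wraps when a is near 2^32. */
static bool check_original(uint32_t a, uint32_t len, uint32_t limit)
{
    return a >= 4096 && (uint32_t)(a + len - 1) <= limit;
}

/* Ian's suggestion: limit - len wraps when limit < len (the limit == 0
 * crash Martin hit), and '<' also rejects the last two valid positions. */
static bool check_ian(uint32_t a, uint32_t len, uint32_t limit)
{
    return a >= 4096 && a < (uint32_t)(limit - len);
}

/* Martin's final patch: a <= limit handles limit == 0, but limit - len
 * still wraps for any len > limit. */
static bool check_martin(uint32_t a, uint32_t len, uint32_t limit)
{
    return 4096 <= a && a <= limit && (uint32_t)(a - 1) <= (uint32_t)(limit - len);
}

/* Wrap-free 32-bit form (assumption of this example): once a >= 4096 and
 * a <= limit hold, limit - a + 1 is at most 2^32 - 4096 and cannot wrap,
 * so len <= limit - a + 1 is exactly a + len - 1 <= limit for len >= 1. */
static bool check_safe(uint32_t a, uint32_t len, uint32_t limit)
{
    return a >= 4096 && a <= limit && len <= limit - a + 1;
}

/* Reference predicate in 64-bit arithmetic, where nothing can wrap. */
static bool check_reference(uint32_t a, uint32_t len, uint32_t limit)
{
    if (a < 4096)
        return false;
    if (len == 0)
        return a <= limit;
    return (uint64_t)a + len - 1 <= limit;
}

/* Constructed cases covering the situations raised in the thread. */
struct range_case { uint32_t a, len, limit; const char *note; };
static const struct range_case cases[] = {
    { 0x00001000,      4, 0x00000000, "limit == 0 < len (Martin's crash)" },
    { 0xfffffffe,      4, 0x000fffff, "a + len - 1 wraps past 2^32" },
    { 0xfffffffc,      4, 0xffffffff, "last 4 bytes of a 4 GiB segment" },
    { 0x00001000, 0x3000, 0x00001fff, "len > limit while a <= limit" },
    { 0x00001000, 0x1000, 0x00001fff, "exactly fills the segment" },
    { 0x00000100,      4, 0x00001fff, "first page (NULL pointer guard)" },
    { 0x000ffffe,      4, 0x00100000, "a == limit - 2, len == 4 (Ian's case)" },
};
#define NCASES (sizeof cases / sizeof cases[0])

/* Number of cases on which 'check' disagrees with the 64-bit reference. */
static int count_disagreements(range_check check)
{
    int bad = 0;
    for (size_t i = 0; i < NCASES; i++)
        if (check(cases[i].a, cases[i].len, cases[i].limit) !=
            check_reference(cases[i].a, cases[i].len, cases[i].limit))
            bad++;
    return bad;
}

int main(void)
{
    struct { const char *name; range_check fn; } checks[] = {
        { "original", check_original }, { "ian", check_ian },
        { "martin", check_martin },     { "safe", check_safe },
    };
    for (size_t c = 0; c < sizeof checks / sizeof checks[0]; c++)
        printf("%-8s wrong on %d of %zu cases\n", checks[c].name,
               count_disagreements(checks[c].fn), NCASES);
    for (size_t i = 0; i < NCASES; i++)
        printf("  a=%#010x len=%#06x limit=%#010x  orig=%d ian=%d martin=%d safe=%d  %s\n",
               cases[i].a, cases[i].len, cases[i].limit,
               check_original(cases[i].a, cases[i].len, cases[i].limit),
               check_ian(cases[i].a, cases[i].len, cases[i].limit),
               check_martin(cases[i].a, cases[i].len, cases[i].limit),
               check_safe(cases[i].a, cases[i].len, cases[i].limit),
               cases[i].note);
    return 0;
}
```

The table makes the trade-offs visible: the original test fails only when `a + len - 1` wraps, Ian's form fails on four cases (the limit == 0 crash, the len > limit underflow, and two valid accesses rejected by the strict `<`), the patched form fails only on len > limit, and the wrap-free form agrees with the 64-bit reference on every case because its one subtraction is performed only after both of its operands have been ordered.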