From da4e4bf252ffff390662a06140d0f0e6a06e1710 Mon Sep 17 00:00:00 2001
From: Pekka Pirinen
Date: Mon, 6 Apr 1998 18:41:40 +0100
Subject: [PATCH] Fix size check (change.epcore.170475)

Copied from Perforce
Change: 19398
ServerID: perforce.ravenbrook.com
---
 mps/src/vman.c | 29 +++++++++++++++--------------
 mps/src/vmo1.c | 7 ++++---
 mps/src/vmsu.c | 8 ++++----
 3 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/mps/src/vman.c b/mps/src/vman.c
index dbbb8a6038e..8af5c66bf48 100644
--- a/mps/src/vman.c
+++ b/mps/src/vman.c
@@ -1,6 +1,6 @@
 /* impl.c.vman: ANSI VM: MALLOC-BASED PSEUDO MEMORY MAPPING
 *
- * $HopeName: MMsrc!vman.c(trunk.18) $
+ * $HopeName: MMsrc!vman.c(trunk.19) $
 * Copyright (C) 1997, 1998 The Harlequin Group Limited. All rights reserved.
 */
@@ -9,7 +9,7 @@
 #include /* for malloc and free */
 #include /* for memset */
-SRCID(vman, "$HopeName: MMsrc!vman.c(trunk.18) $");
+SRCID(vman, "$HopeName: MMsrc!vman.c(trunk.19) $");
 /* VMStruct -- virtual memory structure */
@@ -53,33 +53,34 @@ Res VMCreate(VM *vmReturn, Size size)
 VM vm;
 AVER(vmReturn != NULL);
- size = SizeAlignUp(size, VMAN_ALIGN);
- AVER(size != 0);
+
+ /* Note that because we add VMAN_ALIGN rather than */
+ /* VMAN_ALIGN-1 we are not in danger of overflowing */
+ /* vm->limit even if malloc were perverse enough to give us */
+ /* a block at the end of memory. */
+ size = SizeAlignUp(size, VMAN_ALIGN) + VMAN_ALIGN;
+ if((size < VMAN_ALIGN) || (size > (Size)(size_t)-1))
+ return ResRESOURCE;
 vm = (VM)malloc(sizeof(VMStruct));
 if(vm == NULL)
 return ResMEMORY;
- /* Note that because we add VMAN_ALIGN rather than */
- /* VMAN_ALIGN-1 we are not in danger of overflowing */
- /* vm->limit even if malloc were peverse enough to give us */
- /* a block at the end of memory. */
-
- vm->block = malloc((Size)(size + VMAN_ALIGN));
+ vm->block = malloc((size_t)size);
 if(vm->block == NULL) {
 free(vm);
 return ResMEMORY;
 }
 vm->base = AddrAlignUp((Addr)vm->block, VMAN_ALIGN);
- vm->limit = AddrAdd(vm->base, size);
- AVER(vm->limit < AddrAdd((Addr)vm->block, size + VMAN_ALIGN));
+ vm->limit = AddrAdd(vm->base, size - VMAN_ALIGN);
+ AVER(vm->limit < AddrAdd((Addr)vm->block, size));
- memset((void *)vm->base, VM_JUNKBYTE, size);
+ memset((void *)vm->block, VM_JUNKBYTE, size);
 /* Lie about the reserved address space, to simulate real */
 /* virtual memory. */
- vm->reserved = size;
+ vm->reserved = size - VMAN_ALIGN;
 vm->mapped = (Size)0;
 vm->sig = VMSig;
diff --git a/mps/src/vmo1.c b/mps/src/vmo1.c
index 1779a01b58d..014fbcc9d26 100644
--- a/mps/src/vmo1.c
+++ b/mps/src/vmo1.c
@@ -1,6 +1,6 @@
 /* impl.c.vmo1: VIRTUAL MEMORY MAPPING FOR DIGITAL UNIX
 *
- * $HopeName: MMsrc!vmo1.c(trunk.4) $
+ * $HopeName: MMsrc!vmo1.c(trunk.5) $
 * Copyright (C) 1995, 1997, 1998 Harlequin Group, all rights reserved
 *
 * Readership: Any MPS developer
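Review bot: The guard added after `size = SizeAlignUp(size, VMAN_ALIGN) + VMAN_ALIGN;` does not replace the `AVER(size != 0)` the hunk removes: a zero-byte request (presumably left at 0 by SizeAlignUp) becomes exactly VMAN_ALIGN, passes `size < VMAN_ALIGN`, and VMCreate then succeeds with `vm->reserved = size - VMAN_ALIGN` equal to 0, whereas the vmo1.c and vmsu.c hunks of this same change return ResRESOURCE for `size == 0`. Changing the test to `if((size <= VMAN_ALIGN) || (size > (Size)(size_t)-1))` restores the rejection and also covers a request within VMAN_ALIGN of the Size maximum, where SizeAlignUp itself would wrap to 0 before the addition if it rounds by adding VMAN_ALIGN-1 without its own check (SizeAlignUp is not visible here). VMCreate's body continues past the end of the hunk.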
@@ -62,7 +62,7 @@
 /* for getpagesize(2),close(2) */
 #include
-SRCID(vmo1, "$HopeName: MMsrc!vmo1.c(trunk.4) $");
+SRCID(vmo1, "$HopeName: MMsrc!vmo1.c(trunk.5) $");
 /* Fix unprototyped system calls
@@ -126,7 +126,8 @@ Res VMCreate(VM *vmReturn, Size size)
 align = (Align)getpagesize();
 AVER(SizeIsP2(align));
 size = SizeAlignUp(size, align);
- AVER(size != 0);
+ if((size == 0) || (size > (Size)(size_t)-1))
+ return ResRESOURCE;
 none_fd = open("/etc/passwd", O_RDONLY);
 if(none_fd == -1) {
diff --git a/mps/src/vmsu.c b/mps/src/vmsu.c
index 0019625e4b2..3e6692ae745 100644
--- a/mps/src/vmsu.c
+++ b/mps/src/vmsu.c
@@ -1,6 +1,6 @@
 /* impl.c.vmsu: VIRTUAL MEMORY MAPPING FOR SUNOS 4
 *
- * $HopeName: MMsrc!vmsu.c(trunk.15) $
+ * $HopeName: MMsrc!vmsu.c(trunk.16) $
 * Copyright (C) 1995, 1997, 1998 Harlequin Group, all rights reserved
 *
 * Design: design.mps.vm
@@ -54,7 +54,7 @@
 #include
 #include
-SRCID(vmsu, "$HopeName: MMsrc!vmsu.c(trunk.15) $");
+SRCID(vmsu, "$HopeName: MMsrc!vmsu.c(trunk.16) $");
 /* Fix up unprototyped system calls. */
@@ -120,8 +120,8 @@ Res VMCreate(VM *vmReturn, Size size)
 align = (Align)getpagesize();
 AVER(SizeIsP2(align));
 size = SizeAlignUp(size, align);
- AVER(size != 0);
- AVER(size <= INT_MAX); /* see .assume.size */
+ if((size == 0) || (size > (Size)INT_MAX)) /* see .assume.size */
+ return ResRESOURCE;
 zero_fd = open("/dev/zero", O_RDONLY);
 if(zero_fd == -1)
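Review bot: The upper bound in vmo1.c's new guard, `size > (Size)(size_t)-1`, is vacuous whenever Size and size_t have the same width, and unlike the vmsu.c hunk in this change (`/* see .assume.size */` on its INT_MAX bound) nothing records why the size_t maximum is the relevant limit here. If the intent is to make the later conversion of size to the size_t length argument of the mapping call safe on a port where Size is wider (that call is outside the hunk, so this is inferred), a comment on the `if` line such as `/* size must fit a size_t; see the mmap length argument below */` would keep the check's purpose from being "optimized away" by a future reviewer. VMCreate's body continues past the end of the hunk.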