Re: bin/44235: lint1 fails when compiling mesa for sparc

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,martin%NetBSD.org@localhost
Subject: Re: bin/44235: lint1 fails when compiling mesa for sparc
From: "Valeriy E. Ushakov" <uwe%stderr.spb.ru@localhost>
Date: Mon, 17 Jan 2011 02:05:03 +0000 (UTC)

The following reply was made to PR bin/44235; it has been noted by GNATS.

From: "Valeriy E. Ushakov" <uwe%stderr.spb.ru@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/44235: lint1 fails when compiling mesa for sparc
Date: Mon, 17 Jan 2011 05:00:25 +0300

 xgetblk doesn't check if the next free block it pick up has enough
 space for the allocation.  We come asking for s=41104 bytes, there
 isn't enough space in the current block, so we get one from freelist
 and don't check that it has enough space, so in
 usr.bin/xlint/lint1/mem1.c

 216             mb->nfree -= s;

 size_t nfree gets wrapped into 0xffff.... values and after that all
 bets are off, since this block now has enough memory for everything :)

 jmc@ tried to fix this:

   revision 1.8
   date: 2002/06/28 05:03:55;  author: jmc;  state: Exp;  lines: +9 -2
   Change xgetblk to detect cases where the requested size is more than mblklen.
   (generally it's 20k). Adjust mblklen temporarily to the size of the block
   required and allocate one. This avoids coredumps when mapping in identifiers
   that have huge values. (In my example it was a char[] for a 640k pixmap).

 but didn't address the case of frmblks != NULL.

 -uwe

Follow-Ups:
- Re: bin/44235: lint1 fails when compiling mesa for sparc
  - From: David Laight

Prev by Date: Re: bin/44235: lint1 fails when compiling mesa for sparc
Next by Date: PR/44235 CVS commit: src/usr.bin/xlint/lint1
Previous by Thread: Re: bin/44235: lint1 fails when compiling mesa for sparc
Next by Thread: Re: bin/44235: lint1 fails when compiling mesa for sparc
Indexes:

Home | Main Index | Thread Index | Old Index