Bug in evtqueue/evtqueue.c
Vadim Lebedev (vlebedev@aplio.fr)
Fri, 30 Jun 2000 20:37:38 +0200

Hello,
I think that the following code
uint32_t
PostEvent(Message *msg)
{
  if (count == NEVENT)
    return RC_EvtQ_Full;

  events[nextEvent].w0 = msg->rcv_w1;
  events[nextEvent].w1 = msg->rcv_w2;
  events[nextEvent].w2 = msg->rcv_w3;

  if (nextEvent == NEVENT)
    nextEvent = 0;
  else
    nextEvent++;
  count++;

  .....

}

Needs to be changed to the following, to avoid array bounds overflow

uint32_t
PostEvent(Message *msg)
{
  if (count == NEVENT)
    return RC_EvtQ_Full;

  events[nextEvent].w0 = msg->rcv_w1;
  events[nextEvent].w1 = msg->rcv_w2;
  events[nextEvent].w2 = msg->rcv_w3;

  if (++nextEvent == NEVENT)
    nextEvent = 0;

  count++;
  ....

}

Vadim
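
Added example (not part of the original message or the project's code): a small simulation of the two index-advance rules above, counting how many posts would write to events[NEVENT]. The value NEVENT = 4 and the consumer that removes one event after each post are assumptions; no real array is written.

```c
#include <stddef.h>
#include <stdio.h>

#define NEVENT 4  /* assumed queue size, chosen small for the demonstration */

/* Index advance as in the original PostEvent: wraps one step too late. */
static size_t advance_original(size_t next)
{
    return (next == NEVENT) ? 0 : next + 1;
}

/* Index advance as in the proposed fix: wraps before reaching NEVENT. */
static size_t advance_fixed(size_t next)
{
    if (++next == NEVENT)
        next = 0;
    return next;
}

/*
 * Simulate `posts` calls to PostEvent and return how many of them would
 * write outside events[0..NEVENT-1]. When `drain` is non-zero, a
 * hypothetical consumer removes one event after every post, so the
 * count == NEVENT check never rejects a post.
 */
static unsigned count_oob_writes(size_t (*advance)(size_t),
                                 unsigned posts, int drain)
{
    size_t next = 0, count = 0;
    unsigned oob = 0;

    for (unsigned i = 0; i < posts; i++) {
        if (count == NEVENT)
            continue;                 /* RC_EvtQ_Full: nothing is written */
        if (next >= NEVENT)
            oob++;                    /* events[next] is past the array */
        next = advance(next);
        count++;
        if (drain)
            count--;                  /* consumer takes one event */
    }
    return oob;
}

int main(void)
{
    printf("original, drained: %u\n", count_oob_writes(advance_original, 10, 1));
    printf("fixed, drained:    %u\n", count_oob_writes(advance_fixed, 10, 1));
    return 0;
}
```

With no consumer running, the full check hides the stale index; the out-of-bounds write appears once events are removed between posts.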