From d5a758ea10217775e431fa32c453e44146b4c7be Mon Sep 17 00:00:00 2001
From: Torsten Hilbrich
Date: Wed, 14 Nov 2012 12:12:49 +0100
Subject: [PATCH] Root_component::session: Fix ram_quota handling

You cannot check an unsigned size_t variable for underflow, so I changed the code to first check if an underflow would occur before performing the subtraction.

Fixes #489.
---
 base/include/root/component.h | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/base/include/root/component.h b/base/include/root/component.h
index e224b9e221..48aefe5c18 100644
--- a/base/include/root/component.h
+++ b/base/include/root/component.h
@@ -186,14 +186,16 @@ namespace Genode {
 * the size of the session object.
 */
 size_t ram_quota = Arg_string::find_arg(args.string(), "ram_quota").long_value(0);
- size_t const remaining_ram_quota = ram_quota - sizeof(SESSION_TYPE) -
- md_alloc()->overhead(sizeof(SESSION_TYPE));
- if (remaining_ram_quota < 0) {
+ size_t needed = sizeof(SESSION_TYPE) + md_alloc()->overhead(sizeof(SESSION_TYPE));
+
+ if (needed > ram_quota) {
 PERR("Insufficient ram quota, provided=%zd, required=%zd",
- ram_quota, sizeof(SESSION_TYPE) + md_alloc()->overhead(sizeof(SESSION_TYPE)));
+ ram_quota, needed);
 throw Root::Quota_exceeded();
 }
 
+ size_t const remaining_ram_quota = ram_quota - needed;
+
 /*
 * Deduce ram quota needed for allocating the session object from the
 * donated ram quota.
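Review bot: The new `if (needed > ram_quota)` check only guards the subtraction; `ram_quota` itself is produced on the context line above by `long_value(0)` over the client-supplied session argument string, and if that accessor returns a signed long as its name suggests, a negative argument such as `ram_quota=-1` converts to a near-maximal size_t, passes the new check and leaves a huge `remaining_ram_quota` for the session. I would reject negative values before the unsigned conversion: `long const quota_arg = Arg_string::find_arg(args.string(), "ram_quota").long_value(0);` then `if (quota_arg < 0) throw Root::Quota_exceeded();` and `size_t const ram_quota = quota_arg;`. Whether later accounting against the client's actual donation would catch an inflated value cannot be seen from this hunk. Minor: `%zd` in the PERR format is the signed size specifier while both arguments are size_t, so `%zu` would match, and `needed` is never reassigned and could be `size_t const`. The enclosing session() method starts and ends outside the hunk.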