Fix allocation size overflows due to rounding.
authorXi Wang <xi.wang@gmail.com>
Wed, 14 Mar 2012 20:55:08 +0000 (04:55 +0800)
committerIvan Maidanski <ivmai@mail.ru>
Thu, 15 Mar 2012 15:46:18 +0000 (19:46 +0400)
* malloc.c (GC_generic_malloc): Check if the allocation size is
rounded to a smaller value.
* mallocx.c (GC_generic_malloc_ignore_off_page): Likewise.

malloc.c
mallocx.c

index 5c3374da31f67ee57cbd1cef0230c9f0f6f6d8fa..6ef10940468e51854febb632a0af27c318829639 100644 (file)
--- a/malloc.c
+++ b/malloc.c
@@ -167,6 +167,8 @@ GC_API void * GC_CALL GC_generic_malloc(size_t lb, int k)
         GC_bool init;
         lg = ROUNDED_UP_GRANULES(lb);
         lb_rounded = GRANULES_TO_BYTES(lg);
+        if (lb_rounded < lb)
+            return((*GC_get_oom_fn())(lb));
         n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);
         init = GC_obj_kinds[k].ok_init;
         LOCK();
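Review bot: The added `lb_rounded < lb` guard catches a wrap in the granule rounding, but the next line, `n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);`, performs a second round-up that is not checked. If that macro adds a block-size term before dividing (its definition is outside this hunk), an `lb_rounded` within one heap block of the top of the `size_t` range would pass the guard and still produce a too-small `n_blocks`. The same pattern appears in the mallocx.c hunk in `GC_generic_malloc_ignore_off_page`. Consider rejecting such sizes in the same guard, for example `if (lb_rounded < lb || lb_rounded > (size_t)-1 - (HBLKSIZE - 1))`, and adding a comment such as `/* Rounding wrapped around: report out of memory. */` above it. Both function bodies start and end outside their hunks, so the types of `lb_rounded` and `n_blocks` should be confirmed against the full file.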
index e5928358738e3fcc2aabf0449dc176bfbbb2d5cf..eba43f4056458dc561c6659c08074964baba902a 100644 (file)
--- a/mallocx.c
+++ b/mallocx.c
@@ -182,6 +182,8 @@ GC_INNER void * GC_generic_malloc_ignore_off_page(size_t lb, int k)
         return(GC_generic_malloc((word)lb, k));
     lg = ROUNDED_UP_GRANULES(lb);
     lb_rounded = GRANULES_TO_BYTES(lg);
+    if (lb_rounded < lb)
+        return((*GC_get_oom_fn())(lb));
     n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);
     init = GC_obj_kinds[k].ok_init;
     if (GC_have_errors) GC_print_all_errors();