Fix GC_collect_or_expand to prevent allocation size value wrap-around

(Cherry-pick commit 1f3c938 from 'release-7_4' branch.)

Relates to issue #135 on Github.

* alloc.c (GC_WORD_MAX): New macro.
* alloc.c (GC_collect_or_expand): Limit blocks_to_get by
GC_WORD_MAX / HBLKSIZE value (to avoid multiplication overflow in
GC_expand_hp_inner).

diff --git a/alloc.c b/alloc.c
index 1d767d2153b5faa2d37b1ceac86e5347dff6ee60..7d4a600bb8ad8c3217529d51821f3e393d8012fe 100644 (file)
--- a/alloc.c
+++ b/alloc.c
@@ -1227,6 +1227,8 @@ GC_INNER unsigned GC_fail_count = 0;
                         /* How many consecutive GC/expansion failures?  */
                         /* Reset by GC_allochblk.                       */
 
+#define GC_WORD_MAX (~(word)0)
+
 /* Collect or expand heap in an attempt make the indicated number of    */
 /* free blocks available.  Should be called until the blocks are        */
 /* available (setting retry value to TRUE unless this is the first call */
@@ -1275,6 +1277,8 @@ GC_INNER GC_bool GC_collect_or_expand(word needed_blocks,
       } else {
         blocks_to_get = MAXHINCR;
       }
+      if (blocks_to_get > divHBLKSZ(GC_WORD_MAX))
+        blocks_to_get = divHBLKSZ(GC_WORD_MAX);
     }
 
     if (!GC_expand_hp_inner(blocks_to_get)