Fix potential null dereference in GC_CONS

(a cherry-pick of commit 0ff8f033 from 'master')

* include/gc_inline.h (GC_CONS): Remove grans local variable; replace
GC_FAST_MALLOC_GRANS(GC_malloc_kind) to GC_MALLOC_WORDS_KIND(n=2);
store second element only if result is non-null; store first element
along with second one.

diff --git a/include/gc_inline.h b/include/gc_inline.h
index 8f7c9674a87a077d72725818dd2f6e6f02dc624a..dcbd808383bdfd7c1ead878f98e162a052bd252a 100644 (file)
--- a/include/gc_inline.h
+++ b/include/gc_inline.h
@@ -162,12 +162,11 @@ GC_API GC_ATTR_MALLOC GC_ATTR_ALLOC_SIZE(1) void * GC_CALL
 /* And once more for two word initialized objects: */
 # define GC_CONS(result, first, second, tiny_fl) \
     do { \
-      size_t grans = GC_WORDS_TO_WHOLE_GRANULES(2); \
-      GC_FAST_MALLOC_GRANS(result, grans, tiny_fl, 0, GC_I_NORMAL, \
-                           GC_malloc_kind(grans * GC_GRANULE_BYTES, \
-                                          GC_I_NORMAL), \
-                           *(void **)(result) = (void *)(first)); \
-      ((void **)(result))[1] = (void *)(second); \
+      GC_MALLOC_WORDS_KIND(result, 2, tiny_fl, GC_I_NORMAL, (void)0); \
+      if ((result) != NULL) { \
+        *(void **)(result) = (void *)(first); \
+        ((void **)(result))[1] = (void *)(second); \
+      } \
     } while (0)
 
 GC_API void GC_CALL GC_print_free_list(int /* kind */,