From: Xi Wang
Date: Wed, 14 Mar 2012 20:55:08 +0000 (+0800)
Subject: Fix allocation size overflows due to rounding.
X-Git-Tag: gc7_2~35
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=32973f3dd9c4102762777111da5e5beaa7d302ad;p=gc
Fix allocation size overflows due to rounding.
* malloc.c (GC_generic_malloc): Check if the allocation size is rounded to a smaller value.
* mallocx.c (GC_generic_malloc_ignore_off_page): Likewise.
---
diff --git a/malloc.c b/malloc.c
index 5c3374da..6ef10940 100644
--- a/malloc.c
+++ b/malloc.c
@@ -167,6 +167,8 @@ GC_API void * GC_CALL GC_generic_malloc(size_t lb, int k)
 GC_bool init;
 lg = ROUNDED_UP_GRANULES(lb);
 lb_rounded = GRANULES_TO_BYTES(lg);
+ if (lb_rounded < lb)
+ return((*GC_get_oom_fn())(lb));
 n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);
 init = GC_obj_kinds[k].ok_init;
 LOCK();
diff --git a/mallocx.c b/mallocx.c
index e5928358..eba43f40 100644
--- a/mallocx.c
+++ b/mallocx.c
@@ -182,6 +182,8 @@ GC_INNER void * GC_generic_malloc_ignore_off_page(size_t lb, int k)
 return(GC_generic_malloc((word)lb, k));
 lg = ROUNDED_UP_GRANULES(lb);
 lb_rounded = GRANULES_TO_BYTES(lg);
+ if (lb_rounded < lb)
+ return((*GC_get_oom_fn())(lb));
 n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);
 init = GC_obj_kinds[k].ok_init;
 if (GC_have_errors) GC_print_all_errors();
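Review bot: The added `lb_rounded < lb` test in GC_generic_malloc only catches a wrap in the granule round-up; the very next line, `n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);`, is a second round-up whose definition is not visible here, and if it adds a block-size term before dividing, a request just below the size_t maximum could pass this check and still yield a too-small n_blocks. It is worth confirming that the macro cannot wrap, or rejecting the request right after it with something like `if (n_blocks == 0) return((*GC_get_oom_fn())(lb));`, which assumes a wrapped sum divides down to zero. The same applies to the identical hunk in mallocx.c (GC_generic_malloc_ignore_off_page). A one-line comment above the check, e.g. `/* Round-up wrapped around size_t: report out-of-memory rather than under-allocate. */`, would record why the comparison is there. Both function bodies start and end outside the hunks.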