From: Ivan Maidanski Date: Mon, 7 May 2018 21:47:48 +0000 (+0300) Subject: Fix potential null dereference in GC_CONS X-Git-Tag: v7.6.8~58 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e39899acf9badd09e13a77710a8f43a608328c1d;p=gc Fix potential null dereference in GC_CONS (a cherry-pick of commit 0ff8f033 from 'master') * include/gc_inline.h (GC_CONS): Remove grans local variable; replace GC_FAST_MALLOC_GRANS(GC_malloc_kind) to GC_MALLOC_WORDS_KIND(n=2); store second element only if result is non-null; store first element along with second one.
---
diff --git a/include/gc_inline.h b/include/gc_inline.h
index 8f7c9674..dcbd8083 100644
--- a/include/gc_inline.h
+++ b/include/gc_inline.h
@@ -162,12 +162,11 @@ GC_API GC_ATTR_MALLOC GC_ATTR_ALLOC_SIZE(1) void * GC_CALL
 /* And once more for two word initialized objects: */
 # define GC_CONS(result, first, second, tiny_fl) \
 do { \
- size_t grans = GC_WORDS_TO_WHOLE_GRANULES(2); \
- GC_FAST_MALLOC_GRANS(result, grans, tiny_fl, 0, GC_I_NORMAL, \
- GC_malloc_kind(grans * GC_GRANULE_BYTES, \
- GC_I_NORMAL), \
- *(void **)(result) = (void *)(first)); \
- ((void **)(result))[1] = (void *)(second); \
+ GC_MALLOC_WORDS_KIND(result, 2, tiny_fl, GC_I_NORMAL, (void)0); \
+ if ((result) != NULL) { \
+ *(void **)(result) = (void *)(first); \
+ ((void **)(result))[1] = (void *)(second); \
+ } \
 } while (0)
 
 GC_API void GC_CALL GC_print_free_list(int /* kind */,
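Review bot: The comment above GC_CONS still reads only "two word initialized objects" and does not tell callers that `result` can come back NULL with neither word stored, so a caller that dereferences `result` straight after the macro still hits the null dereference this commit removes from the macro body. I would extend that comment, for example `/* On allocation failure result is NULL and nothing is stored; the caller must check result before use. */`. Because both stores now sit inside `if ((result) != NULL)`, the `first` and `second` argument expressions are not evaluated on that path either, which is worth a clause in the same comment for callers that pass expressions with side effects. Whether `result` can actually be NULL here depends on GC_MALLOC_WORDS_KIND and the out-of-memory handler, neither of which is visible in this hunk.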