Does element_offset need to guard against overflow?

[eseidel]

sdk/runtime/vm/object.h

Line 5601 in c3a4f56

static intptr_t element_offset(intptr_t index) {

sizeof(UntaggedObjectPool::Entry) is 8 on arm64

0x7FFFFFFF is the max signed positive integer. So any value 0xFFFFFFF or larger would overflow here.

We happened to hit this in a test case. I'm not sure any dart program in the wild actually has 268M object pool entries. :)

[dart-github-bot]

Summary: element_offset calculation in object.h might overflow on arm64 if the object pool exceeds 268 million entries, a scenario unlikely in real-world Dart programs. A test case revealed this potential issue.

[rmacnak-google]

All the types in that computation are intptr_t or size_t, so this would need to be a 64-bit overflow for arm64. How did you hit overflow here? Are you attempting to cross-compile for arm64 from a 32-bit architecture?

[github-actions]

Without additional information we're not able to resolve this issue. Feel free to add more info or respond to any questions above and we can reopen the case. Thanks for your contribution!