gc.gc: Fix out-of-bounds pagetable access

The out-of-bounds access occurs 3 lines below: `pagetable[i + p]` We never check that `i + p < npages`. This patch also acts as a small optimization (don't look at the last `n-1` pages, because it's impossible to find a free chunk of at least `n` pages from those positions). Found using Vagrind.
dlang · Mar 24, 2015 · e21c2ac · e21c2ac
1 parent f5b62da
commit e21c2ac
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/gc/gc.d b/src/gc/gc.d
@@ -2940,7 +2940,7 @@ struct LargeObjectPool
         while (searchStart < npages && pagetable[searchStart] == B_PAGE)
             searchStart += bPageOffsets[searchStart];
 
-        for (size_t i = searchStart; i < npages; )
+        for (size_t i = searchStart; i + n <= npages; )
         {
             assert(pagetable[i] == B_FREE);
             size_t p = 1;