Fix GC_collect_or_expand to prevent allocation size value wrap-around

(Cherry-pick commit 1f3c938 from 'release-7_4' branch.) Relates to issue #135 on Github. * alloc.c (GC_WORD_MAX): New macro. * alloc.c (GC_collect_or_expand): Limit blocks_to_get by GC_WORD_MAX / HBLKSIZE value (to avoid multiplication overflow in GC_expand_hp_inner).
ivmai · Nov 11, 2016 · 949a753 · 949a753
1 parent 2ea6d85
commit 949a753
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/alloc.c b/alloc.c
@@ -1227,6 +1227,8 @@ GC_INNER unsigned GC_fail_count = 0;
                         /* How many consecutive GC/expansion failures?  */
                         /* Reset by GC_allochblk.                       */
 
+#define GC_WORD_MAX (~(word)0)
+
 /* Collect or expand heap in an attempt make the indicated number of    */
 /* free blocks available.  Should be called until the blocks are        */
 /* available (setting retry value to TRUE unless this is the first call */
@@ -1275,6 +1277,8 @@ GC_INNER GC_bool GC_collect_or_expand(word needed_blocks,
       } else {
         blocks_to_get = MAXHINCR;
       }
+      if (blocks_to_get > divHBLKSZ(GC_WORD_MAX))
+        blocks_to_get = divHBLKSZ(GC_WORD_MAX);
     }
 
     if (!GC_expand_hp_inner(blocks_to_get)