Fix potential null dereference in GC_CONS

* include/gc_inline.h (GC_CONS): Remove granules local variable; replace
GC_FAST_MALLOC_GRANS(GC_malloc_kind) to GC_MALLOC_WORDS_KIND(n=2);
store second element only if result is non-null; store first element
along with second one.

diff --git a/include/gc_inline.h b/include/gc_inline.h
index fb28fc5..a80b6cc 100644 (file)
--- a/include/gc_inline.h
+++ b/include/gc_inline.h
@@ -185,12 +185,11 @@ GC_API GC_ATTR_MALLOC GC_ATTR_ALLOC_SIZE(1) void * GC_CALL
 /* And once more for two word initialized objects: */
 # define GC_CONS(result, first, second, tiny_fl) \
     do { \
-      size_t granules = GC_WORDS_TO_WHOLE_GRANULES(2); \
-      GC_FAST_MALLOC_GRANS(result, granules, tiny_fl, 0, GC_I_NORMAL, \
-                           GC_malloc_kind(granules * GC_GRANULE_BYTES, \
-                                          GC_I_NORMAL), \
-                           *(void **)(result) = (void *)(first)); \
-      ((void **)(result))[1] = (void *)(second); \
+      GC_MALLOC_WORDS_KIND(result, 2, tiny_fl, GC_I_NORMAL, (void)0); \
+      if ((result) != NULL) { \
+        *(void **)(result) = (void *)(first); \
+        ((void **)(result))[1] = (void *)(second); \
+      } \
     } while (0)
 
 GC_API void GC_CALL GC_print_free_list(int /* kind */,