projects / platform / upstream / libgc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d29c77c)
Fix hbp overflow in GC_install_counts
authorIvan Maidanski <ivmai@mail.ru>
Sun, 4 Nov 2018 08:59:11 +0000 (11:59 +0300)
committerIvan Maidanski <ivmai@mail.ru>
Sun, 4 Nov 2018 09:02:34 +0000 (12:02 +0300)
Issue #245 (bdwgc).

The overflow resulted in an infinite loop in GC_install_counts on Win32.

* headers.c (GC_install_counts): If hbp+=BOTTOM_SZ overflow is expected
then break the first loop.

headers.c patch | blob | history

diff --git a/headers.c b/headers.c
index d2c283c..8267872 100644 (file)
--- a/headers.c
+++ b/headers.c
@@ -284,6 +284,8 @@ GC_INNER GC_bool GC_install_counts(struct hblk *h, size_t sz/* bytes */)
 
     for (hbp = h; (word)hbp < (word)h + sz; hbp += BOTTOM_SZ) {
         if (!get_index((word) hbp)) return(FALSE);
+        if ((word)hbp > (~(word)0) - (word)BOTTOM_SZ * HBLKSIZE)
+            break; /* overflow */
     }
     if (!get_index((word)h + sz - 1)) return(FALSE);
     for (hbp = h + 1; (word)hbp < (word)h + sz; hbp += 1) {
Domain: System / Toolchain;