From: Ivan Maidanski Date: Tue, 27 Sep 2016 07:12:18 +0000 (+0300) Subject: Fix GC_collect_or_expand to prevent allocation size value wrap-around X-Git-Tag: v8.0.0~1142 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=552ad0834672fed86ada6430150ef9ebdd3f54d7;p=platform%2Fupstream%2Flibgc.git Fix GC_collect_or_expand to prevent allocation size value wrap-around Relates to issue #135 on Github. * alloc.c (GC_WORD_MAX): New macro. * alloc.c (GC_collect_or_expand): Limit blocks_to_get by GC_WORD_MAX / HBLKSIZE value (to avoid multiplication overflow in GC_expand_hp_inner). --- diff --git a/alloc.c b/alloc.c index ba4c804..6ecbe8d 100644 --- a/alloc.c +++ b/alloc.c @@ -1324,6 +1324,8 @@ GC_INNER unsigned GC_fail_count = 0; static word last_fo_entries = 0; static word last_bytes_finalized = 0; +#define GC_WORD_MAX (~(word)0) + /* Collect or expand heap in an attempt make the indicated number of */ /* free blocks available. Should be called until the blocks are */ /* available (setting retry value to TRUE unless this is the first call */ @@ -1378,6 +1380,8 @@ GC_INNER GC_bool GC_collect_or_expand(word needed_blocks, } else { blocks_to_get = MAXHINCR; } + if (blocks_to_get > divHBLKSZ(GC_WORD_MAX)) + blocks_to_get = divHBLKSZ(GC_WORD_MAX); } if (!GC_expand_hp_inner(blocks_to_get)
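Review bot: the clamp in the second hunk sits inside the block that closes just before `if (!GC_expand_hp_inner(blocks_to_get)`, so it only bounds the assignments made within that block (the visible context shows the `else { blocks_to_get = MAXHINCR; }` path); confirm that any value of `blocks_to_get` reaching `GC_expand_hp_inner` from outside that block is also below `divHBLKSZ(GC_WORD_MAX)`, or move the check to immediately before the call so every path is covered. A one-line comment at the clamp stating what the commit message states (the multiplication by HBLKSIZE in GC_expand_hp_inner would otherwise wrap) would save the next reader from seeing an unexplained bound, e.g. `/* Avoid word wrap-around when GC_expand_hp_inner multiplies by HBLKSIZE. */`. Style: `GC_WORD_MAX (~(word)0)` in the first hunk describes the `word` type rather than anything specific to alloc.c, so a shared private header is a more natural home than a file-local `#define` next to the static counters.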