diff options
author | Mikael Pettersson <[email protected]> | 2017-04-21 14:10:22 +0200 |
---|---|---|
committer | Mikael Pettersson <[email protected]> | 2017-04-21 14:10:22 +0200 |
commit | 59c67fd2fb8a83efadbcd3c88db0128c968ddca5 (patch) | |
tree | dcb33f826cbfea375290bc1364c981932b0ab626 | |
parent | c04e4cd533d9a4185eadda3141e0783b0f5a0fae (diff) | |
download | otp-59c67fd2fb8a83efadbcd3c88db0128c968ddca5.tar.gz otp-59c67fd2fb8a83efadbcd3c88db0128c968ddca5.tar.bz2 otp-59c67fd2fb8a83efadbcd3c88db0128c968ddca5.zip |
erl_mseg.c: don't use invalid indices in - > cache_powered_node[]
-rw-r--r-- | erts/emulator/sys/common/erl_mseg.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/erts/emulator/sys/common/erl_mseg.c b/erts/emulator/sys/common/erl_mseg.c index 882c93a83c..968f71211c 100644 --- a/erts/emulator/sys/common/erl_mseg.c +++ b/erts/emulator/sys/common/erl_mseg.c @@ -87,6 +87,7 @@ static const int debruijn[32] = { #define CACHE_AREAS (32 - MSEG_ALIGN_BITS) +/* FIXME: segment sizes > 2 GB result in bogus negative indices */ #define SIZE_TO_CACHE_AREA_IDX(S) (LOG2((S)) - MSEG_ALIGN_BITS) #define MAX_CACHE_SIZE (30) @@ -396,6 +397,9 @@ static ERTS_INLINE int cache_bless_segment(ErtsMsegAllctr_t *ma, void *seg, UWor if (MSEG_FLG_IS_2POW(flags)) { int ix = SIZE_TO_CACHE_AREA_IDX(size); + if (ix < 0) + return 0; + ASSERT(ix < CACHE_AREAS); ASSERT((1 << (ix + MSEG_ALIGN_BITS)) == size); @@ -471,6 +475,9 @@ static ERTS_INLINE void *cache_get_segment(ErtsMsegAllctr_t *ma, UWord *size_p, ASSERT(IS_2POW(size)); + if (ix < 0) + return NULL; + for( i = ix; i < CACHE_AREAS; i++) { if (erts_circleq_is_empty(&(ma->cache_powered_node[i]))) |