diff options
author | Sverker Eriksson <sverker@erlang.org> | 2014-06-27 20:13:46 +0200 |
---|---|---|
committer | Sverker Eriksson <sverker@erlang.org> | 2014-06-27 20:13:46 +0200 |
commit | 1d583e08cd5235881ede6f92800c25ddee13056f (patch) | |
tree | 0650ef7818f46ef739e671f28fc1e9468881ee5a /erts/emulator/beam/erl_alloc_util.c | |
parent | 461dc05384eece7b4b7d84370fb0a2cf96ed2f6d (diff) | |
download | otp-1d583e08cd5235881ede6f92800c25ddee13056f.tar.gz otp-1d583e08cd5235881ede6f92800c25ddee13056f.tar.bz2 otp-1d583e08cd5235881ede6f92800c25ddee13056f.zip |
erts: Fix size overflow bugs in memory allocation
Diffstat (limited to 'erts/emulator/beam/erl_alloc_util.c')
-rw-r--r-- | erts/emulator/beam/erl_alloc_util.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/erts/emulator/beam/erl_alloc_util.c b/erts/emulator/beam/erl_alloc_util.c index 45f0cc4312..a4e164bf51 100644 --- a/erts/emulator/beam/erl_alloc_util.c +++ b/erts/emulator/beam/erl_alloc_util.c @@ -3274,6 +3274,15 @@ create_carrier(Allctr_t *allctr, Uint umem_sz, UWord flags) ASSERT(!(flags & CFLG_FORCE_MSEG && flags & CFLG_FORCE_SYS_ALLOC)); + if (umem_sz > (ERTS_UINT_MAX - ERTS_UINT_MAX/100)) { + /* Do an overly conservative _overflow_ check here so we don't + * have to deal with it from here on. I guess we could be more accurate + * but I don't think the need to allocate over 99% of the address space + * will ever arise on any machine, neither 32 nor 64 bit. + */ + return NULL; + } + blk_sz = UMEMSZ2BLKSZ(allctr, umem_sz); #ifdef ERTS_SMP |