author | Björn Gustavsson <[email protected]> | 2011-05-12 11:50:01 +0200 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2011-08-03 11:24:52 +0200 |
commit | 2d30edeb73119bbbcf3622e5c163552c10df0861 (patch) | |
tree | 05939b21fc25a0591f7d8406a1f9779fee673fea /erts/emulator/beam/erl_nmgc.h | |
parent | 8f066e99c9d614742dfb987befe72d21de4d739a (diff) | |
beam_load.c: Add overflow check of tag values

The handling of large values for other tags than TAG_i (integer) is
buggy. Any tag value equal to or greater than 2^40 (5 bytes) will
abort loading. Tag values fitting in 5 bytes will be truncated to 4
bytes values.

Those bugs cause real problems because the bs_init2/6 and
bs_init_bits/6 instructions unfortunately use TAG_u to encode literal
sizes (using TAG_i would have been a better choice, but it is too late
to change that now). Any binary size that cannot fit in an Uint
should cause a system_limit exception at run-time, but instead the
buggy handling will either cause an emulator crash (for values in the
range 2^32 to 2^40-1) or abort loading.

In this commit, implement overflow checking of tag values as a
preparation for fixing the binary construction instructions. If any
tag value cannot fit in an Uint (except for TAG_i), change the
tag to the special TAG_o overflow tag.
Diffstat (limited to 'erts/emulator/beam/erl_nmgc.h')
0 files changed, 0 insertions, 0 deletions
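
The truncation the commit message describes, next to an overflow check of the kind it introduces, as an added example that is not code from beam_load.c. Assumptions: the input is a constructed big-endian byte string rather than the loader's real tag encoding, a 32-bit word stands in for Uint, and the `ex_` names and tag numbers are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tag numbers; only the names TAG_u and TAG_o appear in the commit message. */
enum { EX_TAG_U = 0, EX_TAG_O = 1 };

/* Assumption: a 32-bit word stands in for the emulator's Uint. */
typedef struct { int tag; uint32_t val; } ex_term;

/* "Before" behaviour: every byte is shifted into a 32-bit accumulator,
 * so the high byte of a 5-byte value silently falls off the top. */
static uint32_t ex_decode_truncating(const unsigned char *p, size_t len)
{
    uint32_t v = 0;
    for (size_t i = 0; i < len; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Checked decode: a value that cannot fit in the word is not truncated;
 * the term's tag is changed to the overflow tag so later stages can
 * reject it deliberately (e.g. raise system_limit). */
static ex_term ex_decode_checked(const unsigned char *p, size_t len)
{
    ex_term t = { EX_TAG_U, 0 };
    while (len > 0 && *p == 0) {   /* leading zero bytes carry no value */
        p++;
        len--;
    }
    if (len > sizeof t.val) {
        t.tag = EX_TAG_O;
        return t;
    }
    for (size_t i = 0; i < len; i++)
        t.val = (t.val << 8) | p[i];
    return t;
}

int main(void)
{
    const unsigned char big[5] = { 0x01, 0x00, 0x00, 0x00, 0x00 }; /* constructed: 2^32 */
    ex_term t = ex_decode_checked(big, sizeof big);
    printf("truncating: %u\n", (unsigned)ex_decode_truncating(big, sizeof big));
    printf("checked: tag=%s\n", t.tag == EX_TAG_O ? "overflow" : "u");
    return 0;
}
```

With the truncating decoder a size of 2^32 reads as 0, which is how an oversized literal ends up looking like a small, valid one.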