Merge branch 'egil/enforce-tuple-specification-size/OTP-10633'

* egil/enforce-tuple-specification-size/OTP-10633:
  erts: Use memcpy instead of while in setelement/3
  test: Refactor away ?line macro in tuple_SUITE
  erts: Enforce tuple max size on BIFs
  erts: Define max tuple size to 24 bits

3 files changed, 21 insertions, 9 deletions

diff --git a/erts/emulator/beam/bif.c b/erts/emulator/beam/bif.c
index 98dc9a3902..c4ff4fe982 100644
--- a/erts/emulator/beam/bif.c
+++ b/erts/emulator/beam/bif.c
@@ -2421,9 +2421,7 @@ BIF_RETTYPE setelement_3(BIF_ALIST_3)
 
     /* copy the tuple */
     resp = hp;
-    while (size--) {		/* XXX use memcpy? */
-	*hp++ = *ptr++;
-    }
+    sys_memcpy(hp, ptr, sizeof(Eterm)*size);
     resp[ix] = BIF_ARG_3;
     BIF_RET(make_tuple(resp));
 }
@@ -2436,7 +2434,7 @@ BIF_RETTYPE make_tuple_2(BIF_ALIST_2)
     Eterm* hp;
     Eterm res;
 
-    if (is_not_small(BIF_ARG_1) || (n = signed_val(BIF_ARG_1)) < 0) {
+    if (is_not_small(BIF_ARG_1) || (n = signed_val(BIF_ARG_1)) < 0 || n > ERTS_MAX_TUPLE_SIZE) {
 	BIF_ERROR(BIF_P, BADARG);
     }
     hp = HAlloc(BIF_P, n+1);
@@ -2457,7 +2455,7 @@ BIF_RETTYPE make_tuple_3(BIF_ALIST_3)
     Eterm list = BIF_ARG_3;
     Eterm* tup;
 
-    if (is_not_small(BIF_ARG_1) || (n = signed_val(BIF_ARG_1)) < 0) {
+    if (is_not_small(BIF_ARG_1) || (n = signed_val(BIF_ARG_1)) < 0 || n > ERTS_MAX_TUPLE_SIZE) {
     error:
 	BIF_ERROR(BIF_P, BADARG);
     }
@@ -2509,11 +2507,16 @@ BIF_RETTYPE append_element_2(BIF_ALIST_2)
     Eterm res;
 
     if (is_not_tuple(BIF_ARG_1)) {
+    error:
 	BIF_ERROR(BIF_P, BADARG);
     }
-    ptr = tuple_val(BIF_ARG_1);
+    ptr   = tuple_val(BIF_ARG_1);
     arity = arityval(*ptr);
-    hp = HAlloc(BIF_P, arity + 2);
+
+    if (arity + 1 > ERTS_MAX_TUPLE_SIZE)
+	goto error;
+
+    hp  = HAlloc(BIF_P, arity + 2);
     res = make_tuple(hp);
     *hp = make_arityval(arity+1);
     while (arity--) {
@@ -3097,7 +3100,7 @@ BIF_RETTYPE list_to_tuple_1(BIF_ALIST_1)
     Eterm* hp;
     int len;
 
-    if ((len = list_length(list)) < 0) {
+    if ((len = list_length(list)) < 0 || len > ERTS_MAX_TUPLE_SIZE) {
 	BIF_ERROR(BIF_P, BADARG);
     }
 
diff --git a/erts/emulator/beam/erl_term.c b/erts/emulator/beam/erl_term.c
index 6a04c6fc0b..4587cd84d1 100644
--- a/erts/emulator/beam/erl_term.c
+++ b/erts/emulator/beam/erl_term.c
@@ -133,7 +133,7 @@ ET_DEFINE_CHECKED(Uint,unsigned_val,Eterm,is_small);
 ET_DEFINE_CHECKED(Sint,signed_val,Eterm,is_small);
 ET_DEFINE_CHECKED(Uint,atom_val,Eterm,is_atom);
 ET_DEFINE_CHECKED(Uint,header_arity,Eterm,is_header);
-ET_DEFINE_CHECKED(Uint,arityval,Eterm,is_arity_value);
+ET_DEFINE_CHECKED(Uint,arityval,Eterm,is_sane_arity_value);
 ET_DEFINE_CHECKED(Uint,thing_arityval,Eterm,is_thing);
 ET_DEFINE_CHECKED(Uint,thing_subtag,Eterm,is_thing);
 ET_DEFINE_CHECKED(Eterm*,binary_val,Wterm,is_binary);
diff --git a/erts/emulator/beam/erl_term.h b/erts/emulator/beam/erl_term.h
index bc4c3a09a0..fb3ef9cd6c 100644
--- a/erts/emulator/beam/erl_term.h
+++ b/erts/emulator/beam/erl_term.h
@@ -300,8 +300,17 @@ _ET_DECLARE_CHECKED(Uint,header_arity,Eterm)
 #define header_arity(x)	_ET_APPLY(header_arity,(x))
 
 /* arityval access methods */
+/* Erlang Spec. 4.7.3 defines max arity to 65535
+ * we will however enforce max arity of 16777215 (24 bits)
+ * (checked in bifs and asserted in debug)
+ */
+#define MAX_ARITYVAL            ((((Uint)1) << 24) - 1)
+#define ERTS_MAX_TUPLE_SIZE     MAX_ARITYVAL
+
 #define make_arityval(sz)	_make_header((sz),_TAG_HEADER_ARITYVAL)
 #define is_arity_value(x)	(((x) & _TAG_HEADER_MASK) == _TAG_HEADER_ARITYVAL)
+#define is_sane_arity_value(x)	((((x) & _TAG_HEADER_MASK) == _TAG_HEADER_ARITYVAL) && \
+				 (((x) >> _HEADER_ARITY_OFFS) <= MAX_ARITYVAL))
 #define is_not_arity_value(x)	(!is_arity_value((x)))
 #define _unchecked_arityval(x)	_unchecked_header_arity((x))
 _ET_DECLARE_CHECKED(Uint,arityval,Eterm)