aboutsummaryrefslogtreecommitdiffstats
path: root/erts/emulator
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2017-04-28 15:11:31 +0200
committerErlang/OTP <[email protected]>2017-04-28 15:11:31 +0200
commitb491444c4a2458f847e088b326beae48dcea93ff (patch)
treef3d8f625874ac9e6147ac6102e0d7b777337f67f /erts/emulator
parent6acb7d6fb8d23c0b0b78d30a618d2636ad463e6e (diff)
parent5f8a362c11a29c635131a7af4c3d7211da6c9bcf (diff)
downloadotp-b491444c4a2458f847e088b326beae48dcea93ff.tar.gz
otp-b491444c4a2458f847e088b326beae48dcea93ff.tar.bz2
otp-b491444c4a2458f847e088b326beae48dcea93ff.zip
Merge branch 'mikpe/erts-erl_mseg-bad-cache-indexing/OTP-14360' into maint-19
* mikpe/erts-erl_mseg-bad-cache-indexing/OTP-14360: erl_mseg.c: don't use invalid indices in - > cache_powered_node[]
Diffstat (limited to 'erts/emulator')
-rw-r--r--erts/emulator/sys/common/erl_mseg.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/erts/emulator/sys/common/erl_mseg.c b/erts/emulator/sys/common/erl_mseg.c
index 882c93a83c..968f71211c 100644
--- a/erts/emulator/sys/common/erl_mseg.c
+++ b/erts/emulator/sys/common/erl_mseg.c
@@ -87,6 +87,7 @@ static const int debruijn[32] = {
#define CACHE_AREAS (32 - MSEG_ALIGN_BITS)
+/* FIXME: segment sizes > 2 GB result in bogus negative indices */
#define SIZE_TO_CACHE_AREA_IDX(S) (LOG2((S)) - MSEG_ALIGN_BITS)
#define MAX_CACHE_SIZE (30)
@@ -396,6 +397,9 @@ static ERTS_INLINE int cache_bless_segment(ErtsMsegAllctr_t *ma, void *seg, UWor
if (MSEG_FLG_IS_2POW(flags)) {
int ix = SIZE_TO_CACHE_AREA_IDX(size);
+ if (ix < 0)
+ return 0;
+
ASSERT(ix < CACHE_AREAS);
ASSERT((1 << (ix + MSEG_ALIGN_BITS)) == size);
@@ -471,6 +475,9 @@ static ERTS_INLINE void *cache_get_segment(ErtsMsegAllctr_t *ma, UWord *size_p,
ASSERT(IS_2POW(size));
+ if (ix < 0)
+ return NULL;
+
for( i = ix; i < CACHE_AREAS; i++) {
if (erts_circleq_is_empty(&(ma->cache_powered_node[i])))