fix integer truncation bugs in error logger path

Sending a large term to the error logger has two problems related
to the size and sign of the variables used to represent lengths:

- the API functions (erts_send_error_term_to_logger() et al) perform
  an unchecked narrowing conversion from size_t to int when passing
  dsbufp->str_len to the internal functions; this may both truncate
  the length and make it negative

- do_send_term_to_logger() and do_send_to_logger() multiply the
  int-typed length by 2 before widening it to Uint and adding a few
  more values; the intermediate product may overflow causing loss
  of high bits and a change of sign; if the intermediate product is
  negative the final size will be an extremely large positive value

The end result is that the computed buffer size can be arbitrarily
wrong, either too small or too large.

While reviewing this code I also found and fixed a potential narrowing
bug in erts_set_hole_marker().

0 files changed, 0 insertions, 0 deletions