From 59c67fd2fb8a83efadbcd3c88db0128c968ddca5 Mon Sep 17 00:00:00 2001
From: Mikael Pettersson <mikpelinux@gmail.com>
Date: Fri, 21 Apr 2017 14:10:22 +0200
Subject: erl_mseg.c: don't use invalid indices in - > cache_powered_node[]

---
 erts/emulator/sys/common/erl_mseg.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/erts/emulator/sys/common/erl_mseg.c b/erts/emulator/sys/common/erl_mseg.c
index 882c93a83c..968f71211c 100644
--- a/erts/emulator/sys/common/erl_mseg.c
+++ b/erts/emulator/sys/common/erl_mseg.c
@@ -87,6 +87,7 @@ static const int debruijn[32] = {
 
 #define CACHE_AREAS      (32 - MSEG_ALIGN_BITS)
 
+/* FIXME: segment sizes > 2 GB result in bogus negative indices */
 #define SIZE_TO_CACHE_AREA_IDX(S)   (LOG2((S)) - MSEG_ALIGN_BITS)
 #define MAX_CACHE_SIZE   (30)
 
@@ -396,6 +397,9 @@ static ERTS_INLINE int cache_bless_segment(ErtsMsegAllctr_t *ma, void *seg, UWor
 	if (MSEG_FLG_IS_2POW(flags)) {
 	    int ix = SIZE_TO_CACHE_AREA_IDX(size);
 
+            if (ix < 0)
+                return 0;
+
 	    ASSERT(ix < CACHE_AREAS);
 	    ASSERT((1 << (ix + MSEG_ALIGN_BITS)) == size);
 
@@ -471,6 +475,9 @@ static ERTS_INLINE void *cache_get_segment(ErtsMsegAllctr_t *ma, UWord *size_p,
 
 	ASSERT(IS_2POW(size));
 
+        if (ix < 0)
+            return NULL;
+
 	for( i = ix; i < CACHE_AREAS; i++) {
 
 	    if (erts_circleq_is_empty(&(ma->cache_powered_node[i])))
-- 
cgit v1.2.3