From 23e511d470e6795799c29b5ccb2ab6a17589e543 Mon Sep 17 00:00:00 2001 From: Boshan Sun Date: Mon, 20 Nov 2017 10:21:29 -0800 Subject: Fix integer overflow when set a large maximum value for atom table When setting maximum atom table size using +t option, there will be a integer overflow for a large size. $ erl +t2147482625 ll_alloc: Cannot allocate 18446744073692774400 bytes of memory (of type "atom_tab"). The overflow is caused by the arithmetic operations on int type. When 2147482625 + 1024 it will become -2147483647 due to the signed integerger overflow. Then the result will be resized to Uint type, which is a unsigned long type, the negative int will first be expand to 64 bits long via sign extension, then change to unsigned type, which becomes 18446744073692774400. The fix is done by convert `limit` to Uint type before doing any arithmetic operation. This will expand variable to 64 bits long type via zero extension, then the following operation are all positive, therefore no overflow will happen. Note: here we assume the int `limit` passed in is always positive. If some future change cause the `limit` passed in maybe negative, then the current fix will also cause overflow. --- erts/emulator/beam/index.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/erts/emulator/beam/index.c b/erts/emulator/beam/index.c index a1f6f54543..7bf1a032c1 100644 --- a/erts/emulator/beam/index.c +++ b/erts/emulator/beam/index.c @@ -58,7 +58,7 @@ IndexTable* erts_index_init(ErtsAlcType_t type, IndexTable* t, char* name, int size, int limit, HashFunctions fun) { - Uint base_size = ((limit+INDEX_PAGE_SIZE-1)/INDEX_PAGE_SIZE)*sizeof(IndexSlot*); + Uint base_size = (((Uint)limit+INDEX_PAGE_SIZE-1)/INDEX_PAGE_SIZE)*sizeof(IndexSlot*); hash_init(type, &t->htable, name, 3*size/4, fun); t->size = 0; -- cgit v1.2.3 From 864362749246d15355e904cf95248a634eebdfb7 Mon Sep 17 00:00:00 2001 From: Boshan Sun Date: Mon, 20 Nov 2017 10:41:48 -0800 Subject: Fix max atom size overflow on 64-bits Erlang by lowering the MAX_ATOM_TABLE_SIZE Currently, the max atom size on 64-bits Erlang is ((UWORD_CONSTANT(1) << 32) = 4294967296 This number will cause the range of atom size to be displayed as [8192-0]. Also, the +t option for max atom size will be parsed as a long type, and assigned to a int variable erts_atom_table_size (erl_init.c), which will cause integer overflow if the number is larger than the maximum value a 4-bytes signed integer can hold ((1 << 31) - 1) = 2147483647 Therefore, during the comparison erts_atom_table_size < MIN_ATOM_TABLE_SIZE any number above 2147483647 will be come negative, and causing the condition to be true, which then errored out as bad atom table size. Hence, the actual max atom size is same as the max signed int value. --- erts/emulator/beam/atom.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/erts/emulator/beam/atom.h b/erts/emulator/beam/atom.h index be998a46bd..385120a8d9 100644 --- a/erts/emulator/beam/atom.h +++ b/erts/emulator/beam/atom.h @@ -36,7 +36,7 @@ /* Internal atom cache needs MAX_ATOM_TABLE_SIZE to be less than an unsigned 32 bit integer. See external.c(erts_encode_ext_dist_header_setup) for more details. */ -#define MAX_ATOM_TABLE_SIZE ((MAX_ATOM_INDEX + 1 < (UWORD_CONSTANT(1) << 32)) ? MAX_ATOM_INDEX + 1 : (UWORD_CONSTANT(1) << 32)) +#define MAX_ATOM_TABLE_SIZE ((MAX_ATOM_INDEX + 1 < (UWORD_CONSTANT(1) << 32)) ? MAX_ATOM_INDEX + 1 : ((UWORD_CONSTANT(1) << 31) - 1)) /* Here we use maximum signed interger value to avoid integer overflow */ #else #define MAX_ATOM_TABLE_SIZE (MAX_ATOM_INDEX + 1) #endif -- cgit v1.2.3