From e8becad96454a8deb755f587ca0daaf96dfca90e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?= <bjorn@erlang.org>
Date: Tue, 10 May 2011 10:56:24 +0200
Subject: Fix construction of <<0:((1 bsl 32)-1)>>

Attempting to construct <<0:((1 bsl 32)-1)>>, the largest bitstring
allowed in a 32 bit emulator, would cause an emulator crash because
of integer overflow.

Fix the problem by using an Uint64 to avoid integer overflow.
Do not attempt to handle construction of <<0:((1 bsl 64)-1>> in
a 64-bit emulator, because that will certainly cause the emulator
to terminate anyway because of insufficient memory.
---
 erts/emulator/beam/beam_emu.c             | 2 +-
 erts/emulator/beam/erl_bits.h             | 2 +-
 erts/emulator/test/bs_construct_SUITE.erl | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/erts/emulator/beam/beam_emu.c b/erts/emulator/beam/beam_emu.c
index fb90a7d4f7..937b3d9e53 100644
--- a/erts/emulator/beam/beam_emu.c
+++ b/erts/emulator/beam/beam_emu.c
@@ -3561,7 +3561,7 @@ void process_main(void)
       * Operands: NotUsed Live Dst
       */
  do_bs_init_bits_known:
-     num_bytes = (num_bits+7) >> 3;
+     num_bytes = ((Uint64)num_bits+(Uint64)7) >> 3;
      if (num_bits & 7) {
 	 alloc += ERL_SUB_BIN_SIZE;
      }
diff --git a/erts/emulator/beam/erl_bits.h b/erts/emulator/beam/erl_bits.h
index 0f67733fa4..3309ea706b 100644
--- a/erts/emulator/beam/erl_bits.h
+++ b/erts/emulator/beam/erl_bits.h
@@ -150,7 +150,7 @@ void erts_bits_destroy_state(ERL_BITS_PROTO_0);
  * NBYTES(x) returns the number of bytes needed to store x bits.
  */
 
-#define NBYTES(x)  (((x) + 7) >> 3) 
+#define NBYTES(x)  (((Uint64)(x) + (Uint64) 7) >> 3) 
 #define BYTE_OFFSET(ofs) ((Uint) (ofs) >> 3)
 #define BIT_OFFSET(ofs) ((ofs) & 7)
 
diff --git a/erts/emulator/test/bs_construct_SUITE.erl b/erts/emulator/test/bs_construct_SUITE.erl
index 1959803385..ef5940d748 100644
--- a/erts/emulator/test/bs_construct_SUITE.erl
+++ b/erts/emulator/test/bs_construct_SUITE.erl
@@ -553,6 +553,11 @@ huge_float_check({'EXIT',{badarg,_}}) -> ok.
 
 huge_binary(Config) when is_list(Config) ->
     ?line 16777216 = size(<<0:(id(1 bsl 26)),(-1):(id(1 bsl 26))>>),
+    ?line garbage_collect(),
+    ?line id(<<0:((1 bsl 32)-1)>>),
+    ?line garbage_collect(),
+    ?line id(<<0:(id((1 bsl 32)-1))>>),
+    ?line garbage_collect(),
     ok.
 
 system_limit(Config) when is_list(Config) ->
-- 
cgit v1.2.3