From 1d583e08cd5235881ede6f92800c25ddee13056f Mon Sep 17 00:00:00 2001
From: Sverker Eriksson
Date: Fri, 27 Jun 2014 20:13:46 +0200
Subject: erts: Fix size overflow bugs in memory allocation
---
 erts/emulator/beam/erl_alloc_util.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'erts/emulator/beam/erl_alloc_util.c')
diff --git a/erts/emulator/beam/erl_alloc_util.c b/erts/emulator/beam/erl_alloc_util.c
index 45f0cc4312..a4e164bf51 100644
--- a/erts/emulator/beam/erl_alloc_util.c
+++ b/erts/emulator/beam/erl_alloc_util.c
@@ -3274,6 +3274,15 @@ create_carrier(Allctr_t *allctr, Uint umem_sz, UWord flags)
 ASSERT(!(flags & CFLG_FORCE_MSEG && flags & CFLG_FORCE_SYS_ALLOC));
+ if (umem_sz > (ERTS_UINT_MAX - ERTS_UINT_MAX/100)) {
+ /* Do an overly conservative _overflow_ check here so we don't
+ * have to deal with it from here on. I guess we could be more accurate
+ * but I don't think the need to allocate over 99% of the address space
+ * will ever arise on any machine, neither 32 nor 64 bit.
+ */
+ return NULL;
+ }
+
 blk_sz = UMEMSZ2BLKSZ(allctr, umem_sz);
 #ifdef ERTS_SMP
--
cgit v1.2.3
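Review bot: The new guard `umem_sz > (ERTS_UINT_MAX - ERTS_UINT_MAX/100)` in create_carrier keeps 1% of the Uint range as headroom, but nothing in the hunk ties that margin to what the later size arithmetic actually adds to `umem_sz`. On a 32-bit build the margin is roughly 40 MiB, so the check only holds if the headers and rounding applied by `UMEMSZ2BLKSZ` and by the carrier-size computation further down (outside this hunk) stay below it; that is presumably true, but a wrapped size here would mean an undersized carrier, so it should be written down. I would add the invariant to the comment, for example `/* Invariant: header and alignment padding added below total < ERTS_UINT_MAX/100, so sizes derived from umem_sz cannot wrap. */`. The function starts and ends outside the hunk, so it cannot be confirmed from here that every caller treats this new early `return NULL` the same way as an ordinary allocation failure.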