From 2d30edeb73119bbbcf3622e5c163552c10df0861 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?= Date: Thu, 12 May 2011 11:50:01 +0200 Subject: beam_load.c: Add overflow check of tag values The handling of large values for other tags than TAG_i (integer) is buggy. Any tag value equal to or greater than 2^40 (5 bytes) will abort loading. Tag values fitting in 5 bytes will be truncated to 4 bytes values. Those bugs cause real problems because the bs_init2/6 and bs_init_bits/6 instructions unfortunately use TAG_u to encode literal sizes (using TAG_i would have been a better choice, but it is too late to change that now). Any binary size that cannot fit in an Uint should cause a system_limit exception at run-time, but instead the buggy handling will either cause an emulator crash (for values in the range 2^32 to 2^40-1) or abort loading. In this commit, implement overflow checking of tag values as a preparation for fixing the binary construction instructions. If any tag value cannot fit in an Uint (except for TAG_i), change the tag to the special TAG_o overflow tag. --- erts/emulator/utils/beam_makeops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'erts/emulator/utils') diff --git a/erts/emulator/utils/beam_makeops b/erts/emulator/utils/beam_makeops index 1a117b168f..354439b5e3 100755 --- a/erts/emulator/utils/beam_makeops +++ b/erts/emulator/utils/beam_makeops @@ -110,7 +110,7 @@ my @pred_table; # Operand types for generic instructions. my $compiler_types = "uiaxyfhz"; -my $loader_types = "nprvlq"; +my $loader_types = "nprvlqo"; my $genop_types = $compiler_types . $loader_types; # -- cgit v1.2.3