From 75b831aa879234db6d8821a32f4c411ef6cfc6ff Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Mon, 20 Feb 2012 19:52:13 +0100 Subject: erts: Fix bignum-bug in ETS with compressed option A large 64-bit immediate number will be stored as SMALL_BIG_EXT by ETS compressed format. When uncompressing, the SMALL_BIG_EXT was first decoded as as bignum (by bytes_to_big) and then turned into a small (by big_norm). This works for normal "binary_to_term" as decoded_size() over-estimates the needed heap size. But for ETS no over-estimation is done as the real term size is known and stored in DbTerm. Fixed by preventing bytes_to_big() from writing bignum digit when the number is seen to fit in an immediate. --- erts/emulator/beam/big.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'erts') diff --git a/erts/emulator/beam/big.c b/erts/emulator/beam/big.c index 976f05c990..25ac790d81 100644 --- a/erts/emulator/beam/big.c +++ b/erts/emulator/beam/big.c @@ -1844,6 +1844,7 @@ dsize_t big_bytes(Eterm x) /* ** Load a bignum from bytes ** xsz is the number of bytes in xp +** *r is untouched if number fits in small */ Eterm bytes_to_big(byte *xp, dsize_t xsz, int xsgn, Eterm *r) { @@ -1852,7 +1853,7 @@ Eterm bytes_to_big(byte *xp, dsize_t xsz, int xsgn, Eterm *r) ErtsDigit d; int i; - while(xsz >= sizeof(ErtsDigit)) { + while(xsz > sizeof(ErtsDigit)) { d = 0; for(i = sizeof(ErtsDigit); --i >= 0;) d = (d << 8) | xp[i]; @@ -1867,11 +1868,20 @@ Eterm bytes_to_big(byte *xp, dsize_t xsz, int xsgn, Eterm *r) d = 0; for(i = xsz; --i >= 0;) d = (d << 8) | xp[i]; + if (++rsz == 1 && IS_USMALL(xsgn,d)) { + if (xsgn) d = -d; + return make_small(d); + } *rwp = d; rwp++; - rsz++; } - return big_norm(r, rsz, (short) xsgn); + if (xsgn) { + *r = make_neg_bignum_header(rsz); + } + else { + *r = make_pos_bignum_header(rsz); + } + return make_big(r); } /* -- cgit v1.2.3 From de742bb6eb202c5a524bab3617a2ede918598705 Mon Sep 17 00:00:00 2001 
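Review bot: The switch from `>=` to `>` in the `while(xsz > sizeof(ErtsDigit))` loop of bytes_to_big carries no comment, and its purpose is easy to miss. The most significant digit is now always left to the tail code, apparently so that the small-integer test can run before anything is stored through `r`. I would add `/* leave the top digit to the code below, which must test for a small before writing to *r */` above the loop, so a later cleanup does not turn it back into `>=`. The loop body and the tail continue outside this hunk.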
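Review bot: Replacing `big_norm(r, rsz, (short) xsgn)` with a hand-built header at the end of bytes_to_big drops whatever normalization big_norm performed on results of more than one digit. If the input has zero bytes at its most significant end, the new code appears to return a bignum whose top digit is zero, or one whose value would fit in a small, and such terms may not compare equal to their canonical form. This could happen when the bytes come from an external term rather than from ETS's own encoder; the callers are not visible here. Keeping the new early return for the one-digit case and still ending with `return big_norm(r, rsz, (short) xsgn);` should preserve the heap fix without changing the multi-digit result. Otherwise the header comment should state that callers must pass a minimal-length encoding, and the `xsz == 0` case, which now yields a header of arity 0, should be confirmed against callers.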
From: Sverker Eriksson Date: Mon, 20 Feb 2012 19:53:32 +0100 Subject: erts: Fail binary_to_term if bignum arity is too large --- erts/emulator/beam/external.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'erts') diff --git a/erts/emulator/beam/external.c b/erts/emulator/beam/external.c index 152dbcf085..9d52ed4e98 100644 --- a/erts/emulator/beam/external.c +++ b/erts/emulator/beam/external.c @@ -3118,6 +3118,9 @@ decoded_size(byte *ep, byte* endp, int internal_tags) case LARGE_BIG_EXT: CHKSIZE(4); n = get_int32(ep); + if (n > BIG_ARITY_MAX*sizeof(ErtsDigit)) { + return -1; + } SKIP2(n,4+1); /* skip, size,sign,digits */ heap_size += 1+1+(n+sizeof(Eterm)-1)/sizeof(Eterm); /* XXX: 1 too much? */ break; -- cgit v1.2.3
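Review bot: The new bound in the LARGE_BIG_EXT case of decoded_size has no comment and is enforced only in this sizing pass. Whether the code that later builds the bignum from the same bytes repeats the check is not visible in this hunk. Since `n` comes straight from the encoded input via `get_int32(ep)`, I would document the invariant with `/* more digits than a bignum header can describe: reject the term */` and confirm that every decode path for this tag runs decoded_size first. If `n` is declared signed, a length with the top bit set is rejected only because the comparison converts it to unsigned, which deserves an explicit cast or a note. decoded_size starts and ends outside the hunk.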