diff options
author | Ivan Maidanski <ivmai@mail.ru> | 2018-11-04 11:59:11 +0300 |
---|---|---|
committer | Ivan Maidanski <ivmai@mail.ru> | 2018-11-04 12:02:34 +0300 |
commit | 6a32bb4cf84bafa6047c3b1315f0c0dd56aac3fc (patch) | |
tree | ac65d319f2f7ba19b6e6f8517fc1c699e58aea21 /headers.c | |
parent | d29c77c46dcc88c1e142ebb740e5b56e6cbd8076 (diff) | |
download | bdwgc-6a32bb4cf84bafa6047c3b1315f0c0dd56aac3fc.tar.gz |
Fix hbp overflow in GC_install_counts
Issue #245 (bdwgc).
The overflow resulted in an infinite loop in GC_install_counts on Win32.
* headers.c (GC_install_counts): If hbp+=BOTTOM_SZ overflow is expected
then break the first loop.
Diffstat (limited to 'headers.c')
-rw-r--r-- | headers.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -284,6 +284,8 @@ GC_INNER GC_bool GC_install_counts(struct hblk *h, size_t sz/* bytes */) for (hbp = h; (word)hbp < (word)h + sz; hbp += BOTTOM_SZ) { if (!get_index((word) hbp)) return(FALSE); + if ((word)hbp > (~(word)0) - (word)BOTTOM_SZ * HBLKSIZE) + break; /* overflow */ } if (!get_index((word)h + sz - 1)) return(FALSE); for (hbp = h + 1; (word)hbp < (word)h + sz; hbp += 1) { |