From 6a32bb4cf84bafa6047c3b1315f0c0dd56aac3fc Mon Sep 17 00:00:00 2001
From: Ivan Maidanski
Date: Sun, 4 Nov 2018 11:59:11 +0300
Subject: Fix hbp overflow in GC_install_counts

Issue #245 (bdwgc).

The overflow resulted in an infinite loop in GC_install_counts on Win32.

* headers.c (GC_install_counts): If hbp+=BOTTOM_SZ overflow is expected then break the first loop.
---
 headers.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'headers.c')

diff --git a/headers.c b/headers.c
index d2c283c5..8267872d 100644
--- a/headers.c
+++ b/headers.c
@@ -284,6 +284,8 @@ GC_INNER GC_bool GC_install_counts(struct hblk *h, size_t sz/* bytes */)
     for (hbp = h; (word)hbp < (word)h + sz; hbp += BOTTOM_SZ) {
       if (!get_index((word) hbp)) return(FALSE);
+      if ((word)hbp > (~(word)0) - (word)BOTTOM_SZ * HBLKSIZE)
+        break; /* overflow */
     }
     if (!get_index((word)h + sz - 1)) return(FALSE);
     for (hbp = h + 1; (word)hbp < (word)h + sz; hbp += 1) {
-- 
cgit v1.2.1
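Review bot: The threshold `(~(word)0) - (word)BOTTOM_SZ * HBLKSIZE` in the added `if` is left unexplained by the bare `/* overflow */`; a reader has to reconstruct that `hbp += BOTTOM_SZ` advances by BOTTOM_SZ*HBLKSIZE bytes and that a wrapped hbp keeps `(word)hbp < (word)h + sz` true forever, which is the Win32 hang the commit message describes. Suggest replacing the comment with `/* hbp += BOTTOM_SZ would wrap around; the tail of the range is still covered by the get_index((word)h + sz - 1) call below */`, and using a project-wide word-max macro instead of `~(word)0` if the tree already has one. Note the guard only protects the step, not the end bound: if `(word)h + sz` itself wraps to 0 (a block ending exactly at the top of the address space) the first loop is skipped entirely and only the last page gets its index installed — presumably unreachable for real heap blocks, but if that is relied on it deserves a comment. GC_install_counts continues outside the hunk (the second loop's body and the return).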