in malloc, compute memory sizes in size_t

Some size computations were using the wrong data type, in particular getting a signed 32-bit type where unsigned 64-bit is required on LP64 systems. That resulted in truncation and in sign extension during later conversion to the correct type, either way producing bogus sizes. Fix by casting everything to size_t suitably early. Fixes [perl #119829].
author: Zefram <zefram@fysh.org> 2017-12-01 01:25:52 +0000
committer: Zefram <zefram@fysh.org> 2017-12-01 01:30:20 +0000
commit: 64072da0d64f4e24d5d3f53f391a1fb7a5121ac0 (patch)
tree: 820dc4ac0772474024c5262244ce238c8202a2ea
parent: 21baa9a2e2a9246add77c4670eeee6383cc1ccb9 (diff)
download: perl-64072da0d64f4e24d5d3f53f391a1fb7a5121ac0.tar.gz
2 files changed, 11 insertions, 6 deletions
diff --git a/malloc.c b/malloc.c
index bb72cddef1..53835e1f47 100644
--- a/malloc.c
+++ b/malloc.c
@@ -466,12 +466,12 @@ static const u_short buck_size[MAX_BUCKET_BY_TABLE + 1] =
   };
 #  define BUCKET_SIZE_NO_SURPLUS(i) ((i) % 2 ? buck_size[i] : (1 << ((i) >> BUCKET_POW2_SHIFT)))
 #  define BUCKET_SIZE_REAL(i) ((i) <= MAX_BUCKET_BY_TABLE		\
-			       ? buck_size[i] 				\
-			       : ((1 << ((i) >> BUCKET_POW2_SHIFT))	\
+			       ? ((size_t)buck_size[i])			\
+			       : ((((size_t)1) << ((i) >> BUCKET_POW2_SHIFT)) \
 				  - MEM_OVERHEAD(i)			\
 				  + POW2_OPTIMIZE_SURPLUS(i)))
 #else
-#  define BUCKET_SIZE_NO_SURPLUS(i) (1 << ((i) >> BUCKET_POW2_SHIFT))
+#  define BUCKET_SIZE_NO_SURPLUS(i) (((size_t)1) << ((i) >> BUCKET_POW2_SHIFT))
 #  define BUCKET_SIZE(i) (BUCKET_SIZE_NO_SURPLUS(i) + POW2_OPTIMIZE_SURPLUS(i))
 #  define BUCKET_SIZE_REAL(i) (BUCKET_SIZE(i) - MEM_OVERHEAD(i))
 #endif 
@@ -686,7 +686,7 @@ static const u_short blk_shift[LOG_OF_MIN_ARENA * BUCKETS_PER_POW2] =
 
 #ifdef PACK_MALLOC
 #  define MEM_OVERHEAD(bucket) \
-  (bucket <= MAX_PACKED ? 0 : M_OVERHEAD)
+  (bucket <= MAX_PACKED ? ((size_t)0) : M_OVERHEAD)
 #  ifdef SMALL_BUCKET_VIA_TABLE
 #    define START_SHIFTS_BUCKET ((MAX_PACKED_POW2 + 1) * BUCKETS_PER_POW2)
 #    define START_SHIFT MAX_PACKED_POW2
@@ -752,11 +752,11 @@ static const char bucket_of[] =
 #  define POW2_OPTIMIZE_ADJUST(nbytes)				\
    ((nbytes >= FIRST_BIG_BOUND) ? nbytes -= PERL_PAGESIZE : 0)
 #  define POW2_OPTIMIZE_SURPLUS(bucket)				\
-   ((bucket >= FIRST_BIG_POW2 * BUCKETS_PER_POW2) ? PERL_PAGESIZE : 0)
+   ((size_t)((bucket >= FIRST_BIG_POW2 * BUCKETS_PER_POW2) ? PERL_PAGESIZE : 0))
 
 #else  /* !TWO_POT_OPTIMIZE */
 #  define POW2_OPTIMIZE_ADJUST(nbytes)
-#  define POW2_OPTIMIZE_SURPLUS(bucket) 0
+#  define POW2_OPTIMIZE_SURPLUS(bucket) ((size_t)0)
 #endif /* !TWO_POT_OPTIMIZE */
 
 #define BARK_64K_LIMIT(what,nbytes,size)
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index b280c77420..7f60cc4193 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -378,6 +378,11 @@ files in F<ext/> and F<lib/> are best summarized in L</Modules and Pragmata>.
 
 XXX
 
+=item *
+
+Perl's own C<malloc> no longer gets confused by attempts to allocate
+more than 4 GiB on a 64-bit platform.  [perl #119829]
+
 =back
 
 =head1 Known Problems
author	Zefram <zefram@fysh.org>	2017-12-01 01:25:52 +0000
committer	Zefram <zefram@fysh.org>	2017-12-01 01:30:20 +0000
commit	64072da0d64f4e24d5d3f53f391a1fb7a5121ac0 (patch)
tree	820dc4ac0772474024c5262244ce238c8202a2ea
parent	21baa9a2e2a9246add77c4670eeee6383cc1ccb9 (diff)
download	perl-64072da0d64f4e24d5d3f53f391a1fb7a5121ac0.tar.gz