Fix an integer overflow bug in {size2index,s2u}_compute().

This {bug,regression} was introduced by
155bfa7da1 (Normalize size classes.).

This resolves #241.
Jason Evans
2015-07-09 21:36:33 -07:00
parent 7ae1239177
commit dde067264d
3 changed files with 96 additions and 2 deletions


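--- a/FILE_PATH_NOT_ON_PAGE
+++ b/FILE_PATH_NOT_ON_PAGE
@@ -528,7 +528,9 @@ size2index_compute(size_t size)
 }
 #endif
 {
-size_t x = lg_floor((size<<1)-1);
+size_t x = unlikely(ZI(size) < 0) ? ((size<<1) ?
+(ZU(1)<<(LG_SIZEOF_PTR+3)) : ((ZU(1)<<(LG_SIZEOF_PTR+3))-1))
+: lg_floor((size<<1)-1);
 size_t shift = (x < LG_SIZE_CLASS_GROUP + LG_QUANTUM) ? 0 :
 x - (LG_SIZE_CLASS_GROUP + LG_QUANTUM);
 size_t grp = shift << LG_SIZE_CLASS_GROUP;
@@ -624,7 +626,9 @@ s2u_compute(size_t size)
 }
 #endif
 {
-size_t x = lg_floor((size<<1)-1);
+size_t x = unlikely(ZI(size) < 0) ? ((size<<1) ?
+(ZU(1)<<(LG_SIZEOF_PTR+3)) : ((ZU(1)<<(LG_SIZEOF_PTR+3))-1))
+: lg_floor((size<<1)-1);
 size_t lg_delta = (x < LG_SIZE_CLASS_GROUP + LG_QUANTUM + 1)
 ? LG_QUANTUM : x - LG_SIZE_CLASS_GROUP - 1;
 size_t delta = ZU(1) << lg_delta;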
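Review bot: The high-bit test `unlikely(ZI(size) < 0)` in the new `x` initializer depends on the implementation-defined conversion of an out-of-range size_t to ssize_t (C11 6.3.1.3), and the constant `ZU(1)<<(LG_SIZEOF_PTR+3)` — the bit width of size_t — is spelled out twice with no comment saying why `(size<<1)-1` cannot be used there. The same three lines appear in both size2index_compute and s2u_compute, so the overflow reasoning lives in two places; a single static inline helper, with the comment quoted in the fence, gives one spot to review and lets the test be written with defined semantics as `size > (SIZE_MAX >> 1)`, which is the same condition for the size_t type. Both functions start before their hunk and continue past it, so whether callers bound size before x reaches the full width of size_t is not visible here and should be confirmed at the call sites.
```c
/* lg_ceil of size. size<<1 would wrap when the top bit of size is set, so
 * in that case x is the bit width of size_t, or one less when size is
 * exactly the top bit. */
static inline size_t
lg_ceil_size(size_t size)
{
	if (unlikely(size > (SIZE_MAX >> 1)))
		return ((size<<1) ? (ZU(1)<<(LG_SIZEOF_PTR+3))
		    : ((ZU(1)<<(LG_SIZEOF_PTR+3))-1));
	return (lg_floor((size<<1)-1));
}
/* … in size2index_compute and s2u_compute: size_t x = lg_ceil_size(size); … */
```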