Fix ixallocx_prof() size+extra overflow.

Fix ixallocx_prof() to clamp the extra parameter if size+extra would overflow HUGE_MAXCLASS.
author: Jason Evans <jasone@canonware.com> 2015-09-15 05:31:32 (GMT)
committer: Jason Evans <jasone@canonware.com> 2015-09-15 05:47:12 (GMT)
commit: 4acb6c7ff3411ddc4d180b0cbdba4fd2c3651ef0 (patch)
tree: f5d56fea0231092f025456ccd772777090c16b61 /src/jemalloc.c
parent: 8f57e3f1aeb86021b3d078b825bc8c42b2a9af6f (diff)
download: jemalloc-4acb6c7ff3411ddc4d180b0cbdba4fd2c3651ef0.zip
jemalloc-4acb6c7ff3411ddc4d180b0cbdba4fd2c3651ef0.tar.gz
jemalloc-4acb6c7ff3411ddc4d180b0cbdba4fd2c3651ef0.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/src/jemalloc.c b/src/jemalloc.c
index 7cf1487..6ed3d4e 100644
--- a/src/jemalloc.c
+++ b/src/jemalloc.c
@@ -2275,6 +2275,9 @@ ixallocx_prof(tsd_t *tsd, void *ptr, size_t old_usize, size_t size,
 	prof_tctx_t *old_tctx, *tctx;
 
 	old_tctx = prof_tctx_get(ptr);
+	/* Clamp extra if necessary to avoid (size + extra) overflow. */
+	if (unlikely(size + extra > HUGE_MAXCLASS))
+		extra = HUGE_MAXCLASS - size;
 	/*
 	 * usize isn't knowable before ixalloc() returns when extra is non-zero.
 	 * Therefore, compute its maximum possible value and use that in
author	Jason Evans <jasone@canonware.com>	2015-09-15 05:31:32 (GMT)
committer	Jason Evans <jasone@canonware.com>	2015-09-15 05:47:12 (GMT)
commit	4acb6c7ff3411ddc4d180b0cbdba4fd2c3651ef0 (patch)
tree	f5d56fea0231092f025456ccd772777090c16b61 /src/jemalloc.c
parent	8f57e3f1aeb86021b3d078b825bc8c42b2a9af6f (diff)
download	jemalloc-4acb6c7ff3411ddc4d180b0cbdba4fd2c3651ef0.zip jemalloc-4acb6c7ff3411ddc4d180b0cbdba4fd2c3651ef0.tar.gz jemalloc-4acb6c7ff3411ddc4d180b0cbdba4fd2c3651ef0.tar.bz2