diff options
author | Ivan Maidanski <ivmai@mail.ru> | 2023-05-16 08:46:29 +0300 |
---|---|---|
committer | Ivan Maidanski <ivmai@mail.ru> | 2023-05-17 11:37:38 +0300 |
commit | f9d26e200b366147bb30e35be33a395307bde6d2 (patch) | |
tree | 20e39c78b8c7fbbf8221198a2ed83d1bccb4cc0f | |
parent | 4d88582ca6ffff92164db42920c578728d093a55 (diff) | |
download | bdwgc-release-8_2.tar.gz |
Fix GC_excl_table overrun on overflow in GC_exclude_static_rootsrelease-8_2
Previously, in case of full GC_excl_table[], an attempt to insert an
element to it caused write past end of GC_excl_table (when shifting the
tail elements) before aborting cause of the table overflow.
* mark_rts.c (GC_exclude_static_roots_inner): Move check of
GC_excl_table_entries upper to be before first access to GC_excl_table;
move i local variable down to be near place of usage; cast result of
next-GC_excl_table to size_t.
-rw-r--r-- | mark_rts.c | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -578,9 +578,7 @@ GC_INNER void GC_exclude_static_roots_inner(void *start, void *finish) } else { next = GC_next_exclusion((ptr_t)start); } - if (0 != next) { - size_t i; - + if (next != NULL) { if ((word)(next -> e_start) < (word) finish) { /* incomplete error check. */ ABORT("Exclusion ranges overlap"); @@ -590,14 +588,18 @@ GC_INNER void GC_exclude_static_roots_inner(void *start, void *finish) next -> e_start = (ptr_t)start; return; } - next_index = next - GC_excl_table; + } + + next_index = GC_excl_table_entries; + if (next_index >= MAX_EXCLUSIONS) ABORT("Too many exclusions"); + if (next != NULL) { + size_t i; + + next_index = (size_t)(next - GC_excl_table); for (i = GC_excl_table_entries; i > next_index; --i) { GC_excl_table[i] = GC_excl_table[i-1]; } - } else { - next_index = GC_excl_table_entries; } - if (GC_excl_table_entries == MAX_EXCLUSIONS) ABORT("Too many exclusions"); GC_excl_table[next_index].e_start = (ptr_t)start; GC_excl_table[next_index].e_end = (ptr_t)finish; ++GC_excl_table_entries; |