
From 3585c1e6832083acbfc130c0aafc8f2db2f3f706 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Fri, 8 Jul 2016 16:41:22 +0200
Subject: [PATCH] erts: Fix GC overrun bug in 'bsl' op with small Op1

Symptom: VM abort "Overrun stack and heap"

Problem: The temporary bignum created in the buffer tmp_big[] will be
part of the GC initiated by TestHeapPreserve, but its size is not
included, which can cause the GC to overflow if very unlucky.

Solution: Do not include tmp_big in the GC.
---
 erts/emulator/beam/beam_emu.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/erts/emulator/beam/beam_emu.c b/erts/emulator/beam/beam_emu.c
index 4716460a6b..c6258287c4 100644
--- a/erts/emulator/beam/beam_emu.c
+++ b/erts/emulator/beam/beam_emu.c
@@ -3081,6 +3081,7 @@ do {								\
 		 if (i == 0) {
 		     StoreBifResult(2, tmp_arg1);
 		 }
+		 ires = big_size(tmp_arg1);
 		 goto big_shift;
 	     }
 	 } else if (is_big(tmp_arg2)) {
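Review bot: `big_shift:` now has an implicit precondition that `ires` already holds the digit count of Op1, set on three different paths (the `ires = big_size(tmp_arg1);` added here and in the identical hunk at `@@ -3167,6 +3170,7 @@`, and the `ires = 1;` placed just before the label in the second hunk), but nothing at the label states it. A comment on the label, `big_shift: /* precondition: ires == big_size(tmp_arg1), or 1 if tmp_arg1 is still a small */`, would make the contract visible to whoever next edits either entry path. The constant `1` also relies on a small always converting to a single-digit bignum; saying that in place of `/* big_size(small_to_big(tmp_arg1)) */` would be clearer than the current pseudo-expression. The enclosing branch begins outside this hunk.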
@@ -3120,13 +3121,12 @@ do {								\
 			 StoreBifResult(2, tmp_arg1);
 		     }
 		 }
-		 tmp_arg1 = small_to_big(ires, tmp_big);
+		 ires = 1; /* big_size(small_to_big(tmp_arg1)) */
 
 	     big_shift:
 		 if (i > 0) {	/* Left shift. */
-		     ires = big_size(tmp_arg1) + (i / D_EXP);
+		     ires += (i / D_EXP);
 		 } else {	/* Right shift. */
-		     ires = big_size(tmp_arg1);
 		     if (ires <= (-i / D_EXP))
 			 ires = 3; /* ??? */
 		     else
@@ -3145,6 +3145,9 @@ do {								\
 			 goto lb_Cl_error;
 		     }
 		     TestHeapPreserve(ires+1, Arg(1), tmp_arg1);
+		     if (is_small(tmp_arg1)) {
+			 tmp_arg1 = small_to_big(signed_val(tmp_arg1), tmp_big);
+		     }
 		     bigp = HTOP;
 		     tmp_arg1 = big_lshift(tmp_arg1, i, bigp);
 		     if (is_big(tmp_arg1)) {
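Review bot: The new `is_small` conversion is placed after `TestHeapPreserve`, and that ordering is the whole fix, yet nothing in the code says why it must not move back above the heap check. A comment above the `if`, `/* Convert only after the heap test: tmp_big is a C-side buffer whose size the GC triggered by TestHeapPreserve does not account for. */`, would stop a later cleanup from hoisting it next to the other `small_to_big` calls. Passing a still-small `tmp_arg1` to `TestHeapPreserve` appears harmless since a small is an immediate rather than a heap term, but that is inferred from the surrounding code, not shown here. The surrounding block continues outside the hunk.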
@@ -3167,6 +3170,7 @@ do {								\
 		 if (i == 0) {
 		     StoreBifResult(2, tmp_arg1);
 		 }
+		 ires = big_size(tmp_arg1);
 		 goto big_shift;
 	     }
 	 } else if (is_big(tmp_arg2)) {
-- 
2.16.4
