File 1311-erts-Fix-integer-overflow-problem-in-WSTACK.patch of Package erlang
From eaf4f23176ddcc005531b6e3e538dca382b29d31 Mon Sep 17 00:00:00 2001
From: Lukas Larsson <lukas@erlang.org>
Date: Thu, 11 Nov 2021 14:29:57 +0100
Subject: [PATCH 1/2] erts: Fix integer overflow problem in WSTACK
In the testcase binary_SUITE:t2b_deterministic a very large
hash map is created and encoded. This led to a WSTACK_RESERVE
call with an N value of 4 000 000 which made the pointer wrap around
zero and thus the stack was not grown as it should.
As far as I can tell this can only happen in the new
deterministic term_to_binary.
---
erts/emulator/beam/global.h | 44 ++++++++++++++-----------------------
1 file changed, 16 insertions(+), 28 deletions(-)
diff --git a/erts/emulator/beam/global.h b/erts/emulator/beam/global.h
index 904d394fca..3eb0225b4e 100644
--- a/erts/emulator/beam/global.h
+++ b/erts/emulator/beam/global.h
@@ -642,28 +642,29 @@ do { \
#define WSTACK_IS_STATIC(s) (s.wstart == WSTK_DEF_STACK(s))
-#define WSTACK_PUSH(s, x) \
-do { \
- if (s.wsp == s.wend) { \
- erl_grow_wstack(&s, 1); \
- } \
- *s.wsp++ = (x); \
+#define WSTACK_RESERVE(s, push_cnt) \
+do { \
+ if (s.wend - s.wsp < (Sint)(push_cnt)) { \
+ erl_grow_wstack(&s, (push_cnt)); \
+ } \
+} while(0)
+
+#define WSTACK_PUSH(s, x) \
+do { \
+ WSTACK_RESERVE(s, 1); \
+ *s.wsp++ = (x); \
} while(0)
#define WSTACK_PUSH2(s, x, y) \
do { \
- if (s.wsp > s.wend - 2) { \
- erl_grow_wstack(&s, 2); \
- } \
+ WSTACK_RESERVE(s, 2); \
*s.wsp++ = (x); \
*s.wsp++ = (y); \
} while(0)
#define WSTACK_PUSH3(s, x, y, z) \
do { \
- if (s.wsp > s.wend - 3) { \
- erl_grow_wstack(&s, 3); \
- } \
+ WSTACK_RESERVE(s, 3); \
*s.wsp++ = (x); \
*s.wsp++ = (y); \
*s.wsp++ = (z); \
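Review bot: The `(Sint)(push_cnt)` cast in the new WSTACK_RESERVE check can defeat the check it implements: a count that does not fit in Sint (for example an unsigned value above the signed range) turns negative, the comparison is false, and the stack is not grown before the pushes that follow. Assuming the invariant `s.wsp <= s.wend` holds, an unsigned comparison keeps the wrap-around fix and errs towards growing: `if ((Uint)(s.wend - s.wsp) < (Uint)(push_cnt)) { \`. The macro would also benefit from a comment such as `/* Compare remaining slots instead of forming s.wend - push_cnt, which can wrap for large counts */`, plus a note that `push_cnt` is expanded twice and so must have no side effects. The parameter type of erl_grow_wstack is not visible in this hunk, so confirm it accepts the full range of counts that reach it.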
@@ -671,9 +672,7 @@ do { \
#define WSTACK_PUSH4(s, A1, A2, A3, A4) \
do { \
- if (s.wsp > s.wend - 4) { \
- erl_grow_wstack(&s, 4); \
- } \
+ WSTACK_RESERVE(s, 4); \
*s.wsp++ = (A1); \
*s.wsp++ = (A2); \
*s.wsp++ = (A3); \
@@ -682,9 +681,7 @@ do { \
#define WSTACK_PUSH5(s, A1, A2, A3, A4, A5) \
do { \
- if (s.wsp > s.wend - 5) { \
- erl_grow_wstack(&s, 5); \
- } \
+ WSTACK_RESERVE(s, 5); \
*s.wsp++ = (A1); \
*s.wsp++ = (A2); \
*s.wsp++ = (A3); \
@@ -694,9 +691,7 @@ do { \
#define WSTACK_PUSH6(s, A1, A2, A3, A4, A5, A6) \
do { \
- if (s.wsp > s.wend - 6) { \
- erl_grow_wstack(&s, 6); \
- } \
+ WSTACK_RESERVE(s, 6); \
*s.wsp++ = (A1); \
*s.wsp++ = (A2); \
*s.wsp++ = (A3); \
@@ -705,13 +700,6 @@ do { \
*s.wsp++ = (A6); \
} while(0)
-#define WSTACK_RESERVE(s, push_cnt) \
-do { \
- if (s.wsp > s.wend - (push_cnt)) { \
- erl_grow_wstack(&s, (push_cnt)); \
- } \
-} while(0)
-
/* Must be preceded by WSTACK_RESERVE */
#define WSTACK_FAST_PUSH(s, x) \
do { \
--
2.31.1