From 25cfa84da6650c149522bb70412aa1c9aa85526e Mon Sep 17 00:00:00 2001
From: Aldy Hernandez
Date: Wed, 22 Apr 2020 15:09:49 +0200
Subject: Do not overflow when resizing large widest_irange's.
---
 gcc/value-range.cc | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'gcc')
diff --git a/gcc/value-range.cc b/gcc/value-range.cc
index 43a8a5b..cc260f1 100644
--- a/gcc/value-range.cc
+++ b/gcc/value-range.cc
@@ -281,6 +281,10 @@ widest_irange::resize_if_needed (unsigned nranges)
 if (m_max_ranges >= nranges)
 return;
 
+ // We're about to double the size. Bail if it won't fit.
+ if (nranges * 2 > sizeof (m_max_ranges) * 255)
+ return;
+
 bool must_initialize = m_blob == NULL;
 m_max_ranges = nranges * 2;
 unsigned alloc_size = m_max_ranges * sizeof (*m_blob) * 2;
-- 
cgit v1.1
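Review bot: The new guard returns silently, so after it fires `m_max_ranges` is still smaller than `nranges` and nothing tells the caller that the resize did not happen. Callers are outside this hunk, but any that go on to store `nranges` sub-ranges would write past `m_blob`, so the refusal should be visible (a checked return value or a `gcc_assert`-style failure) and the comment should say what the caller is expected to do. The bound itself, `sizeof (m_max_ranges) * 255`, equals the field's maximum only if `m_max_ranges` is one byte wide (its declaration is not shown), and `nranges * 2` is computed in `unsigned`, so it can wrap before the comparison. Writing the test as `if (nranges > std::numeric_limits<decltype (m_max_ranges)>::max () / 2)` avoids both problems. The body of `resize_if_needed` continues past the end of the hunk.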