From ddd06f537235203ce3e9f7a2a5e454410317995c Mon Sep 17 00:00:00 2001 From: Ian Lance Taylor Date: Fri, 28 Sep 2012 21:25:20 +0000 Subject: runtime: Better detection of memory allocation request overflow. From-SVN: r191841 --- libgo/runtime/chan.c | 4 +++- libgo/runtime/go-append.c | 3 +++ libgo/runtime/go-make-slice.c | 2 +- libgo/runtime/malloc.h | 9 +++++++++ 4 files changed, 16 insertions(+), 2 deletions(-) (limited to 'libgo') diff --git a/libgo/runtime/chan.c b/libgo/runtime/chan.c index c8ee10e..d0a1612 100644 --- a/libgo/runtime/chan.c +++ b/libgo/runtime/chan.c @@ -3,6 +3,8 @@ // license that can be found in the LICENSE file. #include "runtime.h" +#include "arch.h" +#include "malloc.h" #include "go-type.h" #define NOSELGEN 1 @@ -88,7 +90,7 @@ runtime_makechan_c(ChanType *t, int64 hint) elem = t->__element_type; - if(hint < 0 || (int32)hint != hint || (elem->__size > 0 && (uintptr)hint > ((uintptr)-1) / elem->__size)) + if(hint < 0 || (int32)hint != hint || (elem->__size > 0 && (uintptr)hint > MaxMem / elem->__size)) runtime_panicstring("makechan: size out of range"); n = sizeof(*c); diff --git a/libgo/runtime/go-append.c b/libgo/runtime/go-append.c index 3a0c778..dac4c90 100644 --- a/libgo/runtime/go-append.c +++ b/libgo/runtime/go-append.c @@ -54,6 +54,9 @@ __go_append (struct __go_open_array a, void *bvalues, uintptr_t bcount, while (m < count); } + if ((uintptr) m > MaxMem / element_size) + runtime_panicstring ("growslice: cap out of range"); + n = __go_alloc (m * element_size); __builtin_memcpy (n, a.__values, a.__count * element_size); diff --git a/libgo/runtime/go-make-slice.c b/libgo/runtime/go-make-slice.c index 42b412c..822c9b6 100644 --- a/libgo/runtime/go-make-slice.c +++ b/libgo/runtime/go-make-slice.c @@ -37,7 +37,7 @@ __go_make_slice2 (const struct __go_type_descriptor *td, uintptr_t len, if (cap < len || (uintptr_t) icap != cap || (std->__element_type->__size > 0 - && cap > (uintptr_t) -1U / std->__element_type->__size)) + && cap > MaxMem / std->__element_type->__size)) runtime_panicstring ("makeslice: cap out of range"); ret.__count = ilen; diff --git a/libgo/runtime/malloc.h b/libgo/runtime/malloc.h index 16bb449..96cb609 100644 --- a/libgo/runtime/malloc.h +++ b/libgo/runtime/malloc.h @@ -128,6 +128,15 @@ enum MaxGcproc = 4, }; +// Maximum memory allocation size, a hint for callers. +// This must be a #define instead of an enum because it +// is so large. +#if __SIZEOF_POINTER__ == 8 +#define MaxMem (16ULL<<30) /* 16 GB */ +#else +#define MaxMem ((uintptr)-1) +#endif + // A generic linked list of blocks. (Typically the block is bigger than sizeof(MLink).) struct MLink { -- cgit v1.1