
Merge pull request #11330 from yuyichao/field-overflow
Throw OverflowError when the field offset / size overflows.
ihnorton committed May 19, 2015
2 parents c777d31 + 49a3f3a commit eb5da26
Showing 2 changed files with 7 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/alloc.c
Expand Up @@ -534,6 +534,8 @@ void jl_compute_field_offsets(jl_datatype_t *st)
size_t fsz, al;
if (jl_isbits(ty) && jl_is_leaf_type(ty)) {
fsz = jl_datatype_size(ty);
if (__unlikely(fsz > JL_FIELD_MAX_SIZE))
jl_throw(jl_overflow_exception);
al = ((jl_datatype_t*)ty)->alignment;
st->fields[i].isptr = 0;
}
Expand All @@ -550,6 +552,8 @@ void jl_compute_field_offsets(jl_datatype_t *st)
if (al > alignm)
alignm = al;
}
if (__unlikely(sz > JL_FIELD_MAX_OFFSET))
jl_throw(jl_overflow_exception);
st->fields[i].offset = sz;
st->fields[i].size = fsz;
sz += fsz;
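Review bot: The second hunk guards `sz` only before it is stored as the current field's offset; the trailing `sz += fsz` on the last field runs unchecked, so the running total can end up to JL_FIELD_MAX_SIZE above JL_FIELD_MAX_OFFSET, and if that total is later narrowed to a 16-bit field outside this hunk it needs the same guard. Neither new check explains where the limits come from, and jl_overflow_exception carries no detail about which field tripped it; a short comment above the first guard, `/* offset and size are stored in narrow jl_fielddesc_t bitfields; see JL_FIELD_MAX_* in julia.h */`, would make the intent clear to the next reader. jl_compute_field_offsets starts and ends outside both hunks, so the pointer-field branch that sets fsz for the non-isbits case is not visible here.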
3 changes: 3 additions & 0 deletions src/julia.h
Expand Up @@ -265,6 +265,9 @@ typedef struct {
uint16_t isptr:1;
} jl_fielddesc_t;

#define JL_FIELD_MAX_OFFSET ((1ul << 16) - 1ul)
#define JL_FIELD_MAX_SIZE ((1ul << 15) - 1ul)

typedef struct _jl_datatype_t {
JL_DATA_TYPE
jl_typename_t *name;
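Review bot: JL_FIELD_MAX_OFFSET and JL_FIELD_MAX_SIZE are evidently derived from the bitfield widths of jl_fielddesc_t (the visible `uint16_t isptr:1;` suggests size shares a 16-bit word with isptr, hence the 15-bit limit), but nothing in the header ties the two together, so a later change to the struct would silently desynchronize the guards in alloc.c. A comment on the defines, `/* must match the widths of the offset and size bitfields in jl_fielddesc_t above */`, would document the coupling; a static assertion on the struct's size would enforce it if the codebase already permits C11. The start of the jl_fielddesc_t definition is outside the hunk.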
