Handle possible array size overflow

In the StackTraceArray::Allocate
dotnet · Jun 10, 2024 · d056127 · d056127
1 parent f774c60
commit d056127
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/coreclr/vm/object.cpp b/src/coreclr/vm/object.cpp
@@ -1484,14 +1484,14 @@ void StackTraceArray::Allocate(size_t size)
     }
     CONTRACTL_END;
 
-    size_t raw_size = size * sizeof(StackTraceElement) + sizeof(ArrayHeader);
+    S_SIZE_T raw_size = S_SIZE_T(size) * S_SIZE_T(sizeof(StackTraceElement)) + S_SIZE_T(sizeof(ArrayHeader));
 
-    if (!FitsIn<DWORD>(raw_size))
+    if (raw_size.IsOverflow() || !FitsIn<DWORD>(raw_size.Value())
     {
         EX_THROW(EEMessageException, (kOverflowException, IDS_EE_ARRAY_DIMENSIONS_EXCEEDED));
     }
 
-    SetArray(I1ARRAYREF(AllocatePrimitiveArray(ELEMENT_TYPE_I1, static_cast<DWORD>(raw_size))));
+    SetArray(I1ARRAYREF(AllocatePrimitiveArray(ELEMENT_TYPE_I1, static_cast<DWORD>(raw_size.Value()))));
     SetSize(0);
     SetKeepAliveItemsCount(0);
     SetObjectThread();