From be9df82919960214ee4b9d3313523bff44fd99e1 Mon Sep 17 00:00:00 2001
From: Xi Wang <xi.wang@gmail.com>
Date: Thu, 15 Mar 2012 04:55:08 +0800
Subject: [PATCH] Fix allocation size overflows due to rounding.

* malloc.c (GC_generic_malloc): Check if the allocation size is
rounded to a smaller value.
* mallocx.c (GC_generic_malloc_ignore_off_page): Likewise.
---
 malloc.c  |    2 ++
 mallocx.c |    2 ++
 2 files changed, 4 insertions(+)

Index: libgc/malloc.c
===================================================================
--- libgc.orig/malloc.c	2012-07-08 18:23:03.980370526 +0200
+++ libgc/malloc.c	2012-07-08 18:24:58.640366221 +0200
@@ -165,6 +165,9 @@
 	GC_bool init;
 	lw = ROUNDED_UP_WORDS(lb);
 	lb_rounded = WORDS_TO_BYTES(lw);
+	if (lb_rounded < lb)
+	  return((*GC_oom_fn)(lb));
+
 	n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);
 	init = GC_obj_kinds[k].ok_init;
 	LOCK();
Index: libgc/mallocx.c
===================================================================
--- libgc.orig/mallocx.c	2012-07-08 18:21:54.800368132 +0200
+++ libgc/mallocx.c	2012-07-08 18:25:13.620365430 +0200
@@ -179,6 +179,9 @@
         return(GC_generic_malloc((word)lb, k));
     lw = ROUNDED_UP_WORDS(lb);
     lb_rounded = WORDS_TO_BYTES(lw);
+    if (lb_rounded < lb)
+	  return((*GC_oom_fn)(lb));
+
     n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);
     init = GC_obj_kinds[k].ok_init;
     if (GC_have_errors) GC_print_all_errors();