From be9df82919960214ee4b9d3313523bff44fd99e1 Mon Sep 17 00:00:00 2001
From: Xi Wang
Date: Thu, 15 Mar 2012 04:55:08 +0800
Subject: [PATCH] Fix allocation size overflows due to rounding.
* malloc.c (GC_generic_malloc): Check if the allocation size is rounded to a smaller value.
* mallocx.c (GC_generic_malloc_ignore_off_page): Likewise.
---
malloc.c | 2 ++
mallocx.c | 2 ++
2 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/malloc.c b/malloc.c
index cc0cc00..899d6ff 100644
--- a/malloc.c
+++ b/malloc.c
@@ -169,6 +169,8 @@ GC_API void * GC_CALL GC_generic_malloc(size_t lb, int k)
 GC_bool init;
 lg = ROUNDED_UP_GRANULES(lb);
 lb_rounded = GRANULES_TO_BYTES(lg);
+ if (lb_rounded < lb)
+ return((*GC_get_oom_fn())(lb));
 n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);
 init = GC_obj_kinds[k].ok_init;
 LOCK();
diff --git a/mallocx.c b/mallocx.c
index 2c79f41..0d9c0a6 100644
--- a/mallocx.c
+++ b/mallocx.c
@@ -183,4 +183,6 @@ GC_INNER void * GC_generic_malloc_ignore_off_page(size_t lb, int k)
 lg = ROUNDED_UP_GRANULES(lb);
 lb_rounded = GRANULES_TO_BYTES(lg);
+ if (lb_rounded < lb)
+ return((*GC_get_oom_fn())(lb));
 n_blocks = OBJ_SZ_TO_BLOCKS(lb_rounded);
 init = GC_obj_kinds[k].ok_init;
-- 1.7.7
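Review bot: The new `if (lb_rounded < lb)` guard in GC_generic_malloc has no comment saying why a rounded size can be smaller than the request, so a later reader may take it for a typo; a one-liner such as `/* Rounding lb up wrapped size_t: treat as an unsatisfiable request */` above it would pin the intent. The identical two lines are added in the mallocx.c hunk for GC_generic_malloc_ignore_off_page, and since they must stay in step a small shared `static inline` helper or macro in the common header would be preferable to two hand-copied checks. The guard only covers the wrap inside ROUNDED_UP_GRANULES/GRANULES_TO_BYTES; if OBJ_SZ_TO_BLOCKS on the following line also rounds up by addition (its definition is not visible here), an lb_rounded within one block of SIZE_MAX could still wrap to a tiny n_blocks, so that macro deserves the same check. Both enclosing functions start and end outside their hunks.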