From 9a505b768cd50bffbfaa3a993df9117e7454134e Mon Sep 17 00:00:00 2001
From: Jason Evans <jasone@canonware.com>
Date: Tue, 15 Sep 2015 14:39:58 -0700
Subject: Centralize xallocx() size[+extra] overflow checks.

---
 src/arena.c    |  7 -------
 src/jemalloc.c | 18 +++++++++++-------
 2 files changed, 11 insertions(+), 14 deletions(-)

(limited to 'src')

diff --git a/src/arena.c b/src/arena.c
index a119d26..2e888ea 100644
--- a/src/arena.c
+++ b/src/arena.c
@@ -2791,15 +2791,8 @@ arena_ralloc_no_move(void *ptr, size_t oldsize, size_t size, size_t extra,
 {
 	size_t usize_min, usize_max;
 
-	/* Check for size overflow. */
-	if (unlikely(size > HUGE_MAXCLASS))
-		return (true);
 	usize_min = s2u(size);
-	/* Clamp extra if necessary to avoid (size + extra) overflow. */
-	if (unlikely(size + extra > HUGE_MAXCLASS))
-		extra = HUGE_MAXCLASS - size;
 	usize_max = s2u(size + extra);
-
 	if (likely(oldsize <= large_maxclass && usize_min <= large_maxclass)) {
 		/*
 		 * Avoid moving the allocation if the size class can be left the
diff --git a/src/jemalloc.c b/src/jemalloc.c
index f403306..ab7cf02 100644
--- a/src/jemalloc.c
+++ b/src/jemalloc.c
@@ -2285,13 +2285,6 @@ ixallocx_prof(tsd_t *tsd, void *ptr, size_t old_usize, size_t size,
 
 	prof_active = prof_active_get_unlocked();
 	old_tctx = prof_tctx_get(ptr);
-	/* Clamp extra if necessary to avoid (size + extra) overflow. */
-	if (unlikely(size + extra > HUGE_MAXCLASS)) {
-		/* Check for size overflow. */
-		if (size > HUGE_MAXCLASS)
-			return (old_usize);
-		extra = HUGE_MAXCLASS - size;
-	}
 	/*
 	 * usize isn't knowable before ixalloc() returns when extra is non-zero.
 	 * Therefore, compute its maximum possible value and use that in
@@ -2335,6 +2328,17 @@ je_xallocx(void *ptr, size_t size, size_t extra, int flags)
 	tsd = tsd_fetch();
 
 	old_usize = isalloc(ptr, config_prof);
+
+	/* Clamp extra if necessary to avoid (size + extra) overflow. */
+	if (unlikely(size + extra > HUGE_MAXCLASS)) {
+		/* Check for size overflow. */
+		if (unlikely(size > HUGE_MAXCLASS)) {
+			usize = old_usize;
+			goto label_not_resized;
+		}
+		extra = HUGE_MAXCLASS - size;
+	}
+
 	if (config_valgrind && unlikely(in_valgrind))
 		old_rzsize = u2rz(old_usize);
 
-- 
cgit v1.2.3