
Commit 4f0fe20

committed
Merge pull request #1690 from bettio/fix-boxed-int-imm-bug
Fix potential memory corruption with boxed immediate integers. These changes are made under both the "Apache 2.0" and the "GNU Lesser General Public License 2.1 or later" license terms (dual license). SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later
2 parents c75f35b + 8e4b939 commit 4f0fe20

2 files changed

+12
-4
lines changed


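--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -68,6 +68,8 @@ memory error
 - Fixed `erlang:is_number/1` function, now returns true also for floats
 - Fixed unlink protocol and add support for `link/1` on ports
 - Do not abort when an out of memory happens while loading a literal value
+- Fixed potential memory corruption when handling integer immediates that are stored as boxed
+integer (this never happens with integers < 28 bits)
 
 ### Changed
 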
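--- a/src/libAtomVM/opcodesswitch.h
+++ b/src/libAtomVM/opcodesswitch.h
@@ -1531,21 +1531,27 @@ static term maybe_alloc_boxed_integer_fragment(Context *ctx, avm_int64_t value)
 {
 #if BOXED_TERMS_REQUIRED_FOR_INT64 > 1
     if ((value < AVM_INT_MIN) || (value > AVM_INT_MAX)) {
-        if (UNLIKELY(memory_ensure_free_opt(ctx, BOXED_INT64_SIZE, MEMORY_NO_GC) != MEMORY_GC_OK)) {
+        Heap heap;
+        if (UNLIKELY(memory_init_heap(&heap, BOXED_INT64_SIZE) != MEMORY_GC_OK)) {
             ctx->x[0] = ERROR_ATOM;
             ctx->x[1] = OUT_OF_MEMORY_ATOM;
             return term_invalid_term();
         }
-        return term_make_boxed_int64(value, &ctx->heap);
+        memory_heap_append_heap(&ctx->heap, &heap);
+
+        return term_make_boxed_int64(value, &heap);
     } else
 #endif
     if ((value < MIN_NOT_BOXED_INT) || (value > MAX_NOT_BOXED_INT)) {
-        if (UNLIKELY(memory_ensure_free_opt(ctx, BOXED_INT_SIZE, MEMORY_NO_GC) != MEMORY_GC_OK)) {
+        Heap heap;
+        if (UNLIKELY(memory_init_heap(&heap, BOXED_INT_SIZE) != MEMORY_GC_OK)) {
             ctx->x[0] = ERROR_ATOM;
             ctx->x[1] = OUT_OF_MEMORY_ATOM;
             return term_invalid_term();
         }
-        return term_make_boxed_int(value, &ctx->heap);
+        memory_heap_append_heap(&ctx->heap, &heap);
+
+        return term_make_boxed_int(value, &heap);
     } else {
         return term_from_int(value);
     }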
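Review bot: Nothing in the hunk records why the boxed integer now goes into a separate fragment instead of growing ctx->heap in place, and the commit title says only "potential memory corruption", so a comment at each `Heap heap;` line would spare the next reader a trip to the pull request, e.g. `// Allocate in a fresh fragment appended to ctx->heap rather than growing ctx->heap in place: the in-place path could relocate terms the caller still holds pointers to` — that cause is inferred from the change, so confirm it before writing it down. The ordering is also worth making explicit: `memory_heap_append_heap(&ctx->heap, &heap)` runs before the term is written through the local `heap` handle, which is only safe if appending leaves that handle usable, so a one-line comment such as `// heap remains a valid handle onto the fragment after it is appended` would pin the assumption. The two branches are now identical except for BOXED_INT64_SIZE/BOXED_INT_SIZE and the term constructor, so the init-fail-append sequence could become one static helper taking the size. maybe_alloc_boxed_integer_fragment's closing brace lies outside the hunk.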
