
Bug #13595

rb_alloc_tmp_buffer2 broken when: elsize % sizeof(VALUE) == 0

Added by normalperson (Eric Wong) about 3 years ago. Updated about 3 years ago.

Status: Closed
Priority: Normal
Target version: -
[ruby-core:81364]

Description

Here is the function in full as of current trunk (r58863):

static inline void *
rb_alloc_tmp_buffer2(volatile VALUE *store, long count, size_t elsize)
{
    size_t cnt = (size_t)count;
    if (elsize % sizeof(VALUE) == 0) {
        /* elsize is not used in this branch: only count is range-checked,
         * and cnt is passed on unchanged as a number of VALUE-sized slots */
        if (RB_UNLIKELY(cnt > LONG_MAX / sizeof(VALUE))) {
            ruby_malloc_size_overflow(cnt, elsize);
        }
    }
    else {
        size_t size, max = LONG_MAX - sizeof(VALUE) + 1;
        if (RB_UNLIKELY(rb_mul_size_overflow(cnt, elsize, max, &size))) {
            ruby_malloc_size_overflow(cnt, elsize);
        }
        cnt = (size + sizeof(VALUE) - 1) / sizeof(VALUE);
    }
    return rb_alloc_tmp_buffer_with_count(store, cnt * sizeof(VALUE), cnt);
}

Notice that elsize is completely ignored in the top branch when
"(elsize % sizeof(VALUE) == 0)" is true; this gives me problems
when attempting to use ALLOCV_N.

I am terrible at arithmetic and this function is too complicated for me,
so I'll let naruse or someone else fix this. But please do. Thanks.
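The size arithmetic the report describes, as an added stand-alone example (not Ruby's source and not the reporter's code): it models the byte count that the r58863 version hands to rb_alloc_tmp_buffer_with_count, beside one possible correction, so the effect of the ignored elsize can be checked numerically. The function names, the -1 return standing in for the exception raised by ruby_malloc_size_overflow, and the local copy of rb_mul_size_overflow are this example's own assumptions; the correction shown (taking the fast path only when elsize is exactly sizeof(VALUE)) is one obvious repair, not a claim about what the project committed.

```c
/* Added example, not Ruby's source: models the byte-size arithmetic of
 * rb_alloc_tmp_buffer2 (r58863) next to a corrected version. The names,
 * the -1 "would raise" sentinel and the local mul_size_overflow are
 * assumptions of this example. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uintptr_t VALUE;             /* Ruby's VALUE is pointer-sized */

/* Local stand-in for rb_mul_size_overflow: returns 1 if a*b would exceed
 * max, otherwise stores a*b in *res and returns 0. */
static int mul_size_overflow(size_t a, size_t b, size_t max, size_t *res)
{
    if (b != 0 && a > max / b) return 1;
    *res = a * b;
    return 0;
}

/* Bytes the r58863 code passes to rb_alloc_tmp_buffer_with_count,
 * or -1 where that code calls ruby_malloc_size_overflow. */
static long buggy_tmp_buffer_bytes(long count, size_t elsize)
{
    size_t cnt = (size_t)count;
    if (elsize % sizeof(VALUE) == 0) {
        if (cnt > LONG_MAX / sizeof(VALUE)) return -1;
        /* BUG: elsize is never multiplied in; cnt VALUE-sized slots are
         * requested no matter how wide each element really is. */
    }
    else {
        size_t size, max = LONG_MAX - sizeof(VALUE) + 1;
        if (mul_size_overflow(cnt, elsize, max, &size)) return -1;
        cnt = (size + sizeof(VALUE) - 1) / sizeof(VALUE);
    }
    return (long)(cnt * sizeof(VALUE));
}

/* One correction (this example's choice): take the fast path only when an
 * element is exactly one VALUE; every other element size goes through the
 * checked multiply and the round-up to whole VALUEs. */
static long fixed_tmp_buffer_bytes(long count, size_t elsize)
{
    size_t cnt = (size_t)count;
    if (elsize == sizeof(VALUE)) {
        if (cnt > LONG_MAX / sizeof(VALUE)) return -1;
    }
    else {
        size_t size, max = LONG_MAX - sizeof(VALUE) + 1;
        if (mul_size_overflow(cnt, elsize, max, &size)) return -1;
        cnt = (size + sizeof(VALUE) - 1) / sizeof(VALUE);
    }
    return (long)(cnt * sizeof(VALUE));
}

/* Bytes by which writing count elements of elsize bytes would run past the
 * buffer the buggy version sizes; 0 means the allocation was large enough
 * (or the request was rejected). */
static long buggy_overrun_bytes(long count, size_t elsize)
{
    long got = buggy_tmp_buffer_bytes(count, elsize);
    size_t need = (size_t)count * elsize;
    if (got < 0 || (size_t)got >= need) return 0;
    return (long)(need - (size_t)got);
}

int main(void)
{
    /* An ALLOCV_N element type two VALUEs wide, e.g. struct { VALUE a, b; }:
     * the buggy path hands out half the bytes the caller will write. */
    size_t elsize = 2 * sizeof(VALUE);
    long n = 4;
    printf("elsize=%zu count=%ld buggy=%ld fixed=%ld overrun=%ld bytes\n",
           elsize, n, buggy_tmp_buffer_bytes(n, elsize),
           fixed_tmp_buffer_bytes(n, elsize), buggy_overrun_bytes(n, elsize));
    return 0;
}
```

Two things are visible from running it: for a two-VALUE element the buggy branch sizes the buffer at count * sizeof(VALUE) bytes, so a caller that fills count elements writes count * sizeof(VALUE) bytes past the end of the temporary buffer (a heap or stack overflow depending on where ALLOCV_N placed it); and because elsize is also left out of the range check, a count just under LONG_MAX / sizeof(VALUE) with a multi-VALUE element is accepted where the general branch would have raised.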
