Fix invalid allocation bug in runtime that allows for segfaults (#2896)

dipinhora · SeanTAllen · commit 6a98836b8f75 · 2018-10-12T14:09:11.000-04:00
Thanks to @malte for identifying the root cause of #2013. This PR fixes things so that if there's a request for a `size_t` sized allocation, it actually tries to allocate it instead of pretending that it allocated it while not actually allocating anything which results in memory clobbering and segfaults. resolves #2013
diff --git a/src/libponyrt/mem/pool.c b/src/libponyrt/mem/pool.c
@@ -1052,5 +1052,9 @@ size_t ponyint_pool_adjust_size(size_t size)
   if((size & POOL_ALIGN_MASK) != 0)
     size = (size & ~POOL_ALIGN_MASK) + POOL_ALIGN;
 
+  // we've overflowed the `size_t` datatype
+  if(size == 0)
+    size = size - 1;
+
   return size;
 }

Original file line number	Diff line number	Diff line change
`@@ -1052,5 +1052,9 @@ size_t ponyint_pool_adjust_size(size_t size)`
`1052`	`1052`	`if((size & POOL_ALIGN_MASK) != 0)`
`1053`	`1053`	`size = (size & ~POOL_ALIGN_MASK) + POOL_ALIGN;`
`1054`	`1054`
	`1055`	+ // we've overflowed the `size_t` datatype
	`1056`	`+ if(size == 0)`
	`1057`	`+ size = size - 1;`
	`1058`	`+`
`1055`	`1059`	`return size;`
`1056`	`1060`	`}`