PR# 14566 Locals in `acollect' can overflow on 64-bit platform with EIF_CONDITIONAL_COLLECT
Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/07/07
Class: Bug
Severity: Serious
Number: 14566
Release: 6.2.73753
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.9) Gecko/20071111 Firefox/2.0.0.9
Solaris 10 on SPARC
Synopsis: Locals in `acollect' can overflow on 64-bit platform with EIF_CONDITIONAL_COLLECT
Description
Based on code inspection only, it looks like some local variables in `acollect' (in garcol.c) which are of type "int" can overflow on a 64-bit platform where sizeof(int) == 4 if EIF_CONDITIONAL_COLLECT is defined. Locals freemem, tau, half_tau and allocated all look like they might have incorrect values if a lot of memory is allocated (or free). Perhaps they should be declared to be of some unsigned type, such as rt_uint_ptr.
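The following C program is an added illustration, not code from the report or from the EiffelStudio runtime: it models the concern above with a narrow (`int`) and a pointer-sized (`uintptr_t`, standing in for `rt_uint_ptr`) version of the same free-memory bookkeeping, plus a check that reports when an `int` local would no longer hold the intermediate values. The 5 GiB / 1 GiB sample figures and the threshold arithmetic are assumptions for the example only.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample figures (assumed, not from the report): a 64-bit host
   with 5 GiB allocated to the heap, 1 GiB of it in use. */
#define SAMPLE_TOTAL ((uint64_t)5 << 30)
#define SAMPLE_USED  ((uint64_t)1 << 30)

/* 1 if a byte count survives storage in an `int` unchanged, 0 otherwise. */
int fits_in_int(uint64_t v)
{
    return v <= (uint64_t)INT_MAX;
}

/* Shape of the reported bug: bookkeeping held in `int` locals on a platform
   where sizeof(int) == 4 but memory sizes are 64-bit.  Narrowing a value
   above INT_MAX is implementation-defined in C; mainstream compilers wrap
   modulo 2^32, so 4 GiB of free memory becomes 0 and the halved threshold
   derived from it is meaningless. */
int half_free_narrow(uint64_t total, uint64_t used)
{
    int freemem  = (int)(total - used); /* narrows to 32 bits */
    int half_tau = freemem / 2;         /* computed from a corrupted value */
    return half_tau;
}

/* Hardened shape the report suggests: pointer-sized unsigned locals.
   uintptr_t stands in for the runtime's rt_uint_ptr (an assumption). */
uintptr_t half_free_wide(uintptr_t total, uintptr_t used)
{
    uintptr_t freemem  = total - used;
    uintptr_t half_tau = freemem / 2;
    return half_tau;
}

/* Review aid: returns 1 if any intermediate that the narrow version keeps
   in an `int` (allocated total, free memory, half threshold) exceeds
   INT_MAX, i.e. the condition under which it silently misbehaves. */
int int_locals_would_overflow(uint64_t total, uint64_t used)
{
    uint64_t allocated = total;
    uint64_t freemem   = total - used;
    uint64_t half_tau  = freemem / 2;
    return !fits_in_int(allocated) || !fits_in_int(freemem)
        || !fits_in_int(half_tau);
}

int main(void)
{
    printf("free memory fits in int: %d\n",
           fits_in_int(SAMPLE_TOTAL - SAMPLE_USED));
    printf("narrow half_tau: %d\n",
           half_free_narrow(SAMPLE_TOTAL, SAMPLE_USED));
    printf("wide   half_tau: %" PRIuPTR "\n",
           half_free_wide((uintptr_t)SAMPLE_TOTAL, (uintptr_t)SAMPLE_USED));
    printf("int locals would overflow: %d\n",
           int_locals_would_overflow(SAMPLE_TOTAL, SAMPLE_USED));
    return 0;
}
```

On an LP64 host the wide version returns 2 GiB for the sample figures while the narrow version returns 0; `int_locals_would_overflow` is the kind of guard one can drop into a debug build to catch the condition before it distorts collection decisions.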
To Reproduce
Problem Report Interactions