PR# 14575 Postcondition of sprealloc can be violated on 64-bit system

Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/07/10
Class: Bug
Severity: Non-critical
Number: 14575
Release: 6.2.73753
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080421 Firefox/2.0.0.14
Synopsis: Postcondition of sprealloc can be violated on 64-bit system

Description
Based on code inspection only, it appears that one of the postconditions of
`sprealloc' (in malloc.c) can be violated on a 64-bit system.  The postcondition
that seems to be wrong is:

   ENSURE ("Valid new size", (int)(HEADER (object)->ov_size & B_SIZE) >= new_size);

It looks like the cast "(int)" is unnecessary and wrong.  If the size of
the special object exceeds 2^32 (or maybe even 2^31), which is possible on
a 64-bit system, and if sizeof(int) == 4 (it does on Solaris SPARC 64), then
the postcondition will be violated.
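
The narrowing described in this report can be seen in isolation in the following added example, which is not the runtime's code and is not from the report. `DEMO_B_SIZE`, the operand types and both function names are assumptions; only the shape of the comparison is taken from the ENSURE line quoted above.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the runtime's B_SIZE mask (the real value is
 * not on the page): low 56 bits hold the size, high bits hold flags. */
#define DEMO_B_SIZE UINT64_C(0x00FFFFFFFFFFFFFF)

/* Comparison shaped like the reported postcondition: the masked size is
 * narrowed to int before being compared. With a 4-byte int the upper
 * 32 bits are lost; the out-of-range conversion is implementation-defined
 * and wraps modulo 2^32 on GCC and Clang. new_size is assumed to be a
 * signed 64-bit quantity. */
static int check_with_cast(uint64_t ov_size, int64_t new_size)
{
    return (int)(ov_size & DEMO_B_SIZE) >= new_size;
}

/* Same comparison done at full width. The mask keeps the value below
 * 2^63, so converting it to int64_t cannot change it. */
static int check_widened(uint64_t ov_size, int64_t new_size)
{
    return (int64_t)(ov_size & DEMO_B_SIZE) >= new_size;
}

int main(void)
{
    /* Constructed sizes: one small, one at 2^31, one just above 2^32.
     * Each models a reallocation that obtained exactly the requested size. */
    const uint64_t sizes[] = {
        UINT64_C(1024),
        UINT64_C(1) << 31,
        (UINT64_C(1) << 32) + 16,
    };

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int64_t requested = (int64_t)sizes[i];
        printf("size=%llu  with (int) cast: %s  full width: %s\n",
               (unsigned long long)sizes[i],
               check_with_cast(sizes[i], requested) ? "holds" : "VIOLATED",
               check_widened(sizes[i], requested) ? "holds" : "VIOLATED");
    }
    return 0;
}
```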

To Reproduce

Problem Report Interactions