Bug 442012 - Allocating more than 2GB of memory in mozilla is never a good idea. On 64-bit systems PRSize and size_t are 64-bit and so truncation from PRSize to PRUint32 could cause weird behavior errors. Prevent these huge allocations. r=wtc sr=dveditz
authorBenjamin Smedberg <benjamin@smedbergs.us>
Wed, 26 Nov 2008 14:38:53 -0500
changeset 22161 9f3807b5e936007699408ca2a406bcd212ffdf86
parent 22160 dcd1373d1dff210288e6092a07a85751704c056a
child 22162 3cadaf8dab0cbb3509f850495992f0dd3ace47d5
push id: unknown
push user: unknown
push date: unknown
reviewers: wtc, dveditz
bugs: 442012
milestone: 1.9.1b3pre
xpcom/base/nsMemoryImpl.cpp
--- a/xpcom/base/nsMemoryImpl.cpp
+++ b/xpcom/base/nsMemoryImpl.cpp
@@ -288,27 +288,33 @@ PRInt32
 nsMemoryImpl::sIsFlushing = 0;
 
 nsMemoryImpl::FlushEvent
 nsMemoryImpl::sFlushEvent;
 
 XPCOM_API(void*)
 NS_Alloc(PRSize size)
 {
+    if (size > PR_INT32_MAX)
+        return nsnull;
+
     void* result = MALLOC1(size);
     if (! result) {
         // Request an asynchronous flush
         sGlobalMemory.FlushMemory(NS_LITERAL_STRING("alloc-failure").get(), PR_FALSE);
     }
     return result;
 }
 
 XPCOM_API(void*)
 NS_Realloc(void* ptr, PRSize size)
 {
+    if (size > PR_INT32_MAX)
+        return nsnull;
+
     void* result = REALLOC1(ptr, size);
     if (! result && size != 0) {
         // Request an asynchronous flush
         sGlobalMemory.FlushMemory(NS_LITERAL_STRING("alloc-failure").get(), PR_FALSE);
     }
     return result;
 }
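Review bot: the two new `if (size > PR_INT32_MAX) return nsnull;` guards in NS_Alloc and NS_Realloc carry no comment, and they return before the `alloc-failure` flush that the existing `if (! result)` paths trigger, so a reader cannot tell whether skipping the flush is deliberate. Add a short comment on each guard saying that a request above PR_INT32_MAX is rejected as a caller bug or an overflowed size computation rather than as memory pressure (which is why no flush is requested), and reference bug 442012 so the 2GB limit is not "fixed" later. Also worth stating in that comment for NS_Realloc: returning nsnull leaves `ptr` untouched, matching realloc's failure contract, so callers must keep their original pointer and must not treat it as freed.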