Commit cd4b202f authored by Ben Gamari 🐢

array: Check for integer overflow during allocation

This fixes #229, where creating a new array can cause array to allocate
a smaller array than it thinks it allocates due to integer overflow,
resulting in memory unsafety.

This breaks the rts/overflow1 test, which relied on this unchecked
overflow. I fix it by reimplementing the test in terms of newByteArray#
directly.

Updates the array submodule.
parent 81c49562
Subproject commit bab2c234f176fe3e95443cbe4387833da22f7e5d
Subproject commit b8a8d09ddc20a9c9d99bd03b136718b543edb877
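Review bot: the overflow check itself arrives only through the submodule pointer move on the two `Subproject commit` lines, and nothing in this commit exercises it, because the rewritten rts/overflow1 calls newByteArray# directly and no longer goes through array. Consider adding a regression test for #229 that requests an oversized array through the array package and expects the new failure, so that a later submodule bump cannot silently lose the check.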
{-# LANGUAGE MagicHash #-}
{-# LANGUAGE BangPatterns #-}
{-# LANGUAGE UnboxedTuples #-}
module Main where
import Data.Array.IO
import Data.Word
import GHC.Exts
import GHC.Base
-- Try to overflow BLOCK_ROUND_UP in the computation of req_blocks in allocate()
-- Here we invoke allocate() via newByteArray# and the array package.
-- Here we invoke allocate() via newByteArray#.
-- Request a number of bytes close to HS_WORD_MAX,
-- subtracting a few words for overhead in newByteArray#.
-- Allocate Word32s (rather than Word8s) to get around bounds-checking in array.
main = newArray (0,maxBound `div` 4 - 10) 0 :: IO (IOUArray Word Word32)
main :: IO ()
main =
IO $ \s1# ->
case newByteArray# (maxInt# -# 10#) s1# of
(# s2#, _ #) -> (# s2#, () #)
where
maxInt# :: Int#
!(I# maxInt#) = maxBound
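Review bot: the header comment no longer matches the new `main`. The request is `maxInt# -# 10#`, bound from `maxBound` through `I#`, so it is close to the maximum Int, roughly half of HS_WORD_MAX, not "close to HS_WORD_MAX" as the comment says. The line about allocating Word32s to get around bounds-checking in array describes the removed `newArray` call and should go with it. Please update the comment to state the size actually requested and whether that size still reaches the BLOCK_ROUND_UP overflow in allocate() or now exercises a different failure path.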