handle overflow of arena_base_next

nascheme · nascheme · commit b81434205a34 · 2019-07-01T11:04:34.000-07:00
diff --git a/Objects/obmalloc.c b/Objects/obmalloc.c
@@ -2961,15 +2961,18 @@ arena_map_mark_used(uintptr_t arena_base, int is_used)
          * again (do the full tree traversal).
          */
         n_hi->arenas[i3].tail_hi = is_used ? tail : 0;
-        uintptr_t arena_base_next = arena_base + ARENA_SIZE;
-        arena_map3_t *n_lo = arena_map_get((block *)arena_base_next, is_used);
-        if (n_lo == NULL) {
-            assert(is_used); /* otherwise should already exist */
-            n_hi->arenas[i3].tail_hi = 0;
-            return 0; /* failed to allocate space for node */
+        uintptr_t arena_next = arena_base + ARENA_SIZE;
+        /* check for overflow of arena_next */
+        if (arena_next > arena_base) {
+            arena_map3_t *n_lo = arena_map_get((block *)arena_next, is_used);
+            if (n_lo == NULL) {
+                assert(is_used); /* otherwise should already exist */
+                n_hi->arenas[i3].tail_hi = 0;
+                return 0; /* failed to allocate space for node */
+            }
+            int i3_next = MAP3_INDEX(arena_next);
+            n_lo->arenas[i3_next].tail_lo = is_used ? tail : 0;
         }
-        int i3_next = MAP3_INDEX(arena_base_next);
-        n_lo->arenas[i3_next].tail_lo = is_used ? tail : 0;
     }
     return 1;
 }
