fix potential MEM_SIZE overflow in expected_size()

mauke · mauke · commit e4bcc783f6d7 · 2025-09-16T07:10:34.000+02:00
Coverity says:

    CID 584099:         Integer handling issues  (INTEGER_OVERFLOW)
    Expression "newlen + 8UL", where "newlen" is known to be equal to 18446744073709551615, overflows the type of "newlen + 8UL", which is type "unsigned long".

(Referring to (n) + PTRSIZE - 1 where n = newlen and PTRSIZE = 8UL.)

Crudely avoid the issue by checking n for overflow beforehand and dying
with a "panic: memory wrap" error if so.
diff --git a/perl.h b/perl.h
@@ -1700,8 +1700,15 @@ Use L</UV> to declare variables of the maximum usable size on this platform.
  * multiple of PTRSIZE, for a minimum of PERL_STRLEN_NEW_MIN. This is
  * not entirely useless, just not terribly accurate.
  */
-#define expected_size(n) ( ((n) > PERL_STRLEN_NEW_MIN)               \
-                            ? (((n) + PTRSIZE - 1) & ~(PTRSIZE - 1)) \
+#define expected_size(n) ( ((n) > PERL_STRLEN_NEW_MIN)                                     \
+                            ? (                                                            \
+                                (void)(                                                    \
+                                    (MEM_SIZE)(n) > MEM_SIZE_MAX - (PTRSIZE - 1)           \
+                                        ? (croak_memory_wrap(), 0)                         \
+                                        : 0                                                \
+                                ),                                                         \
+                                ((MEM_SIZE)(n) + (PTRSIZE - 1)) & ~(MEM_SIZE)(PTRSIZE - 1) \
+                            )                                                              \
                             : PERL_STRLEN_NEW_MIN )
 
 /* This use of offsetof() requires /Zc:offsetof- for VS2017 (and presumably
