Opened 3 years ago

Closed 3 years ago

#9172 closed bug (fixed)

integer overflow in allocate()

Reported by: rwbarton Owned by: rwbarton
Priority: normal Milestone: 7.8.3
Component: Runtime System Version: 7.8.1
Keywords: Cc: simonmar
Operating System: Unknown/Multiple Architecture: Unknown/Multiple
Type of failure: None/Unknown Test Case:
Blocked By: Blocking:
Related Tickets: Differential Rev(s):
Wiki Page:


Prelude> Data.Array.array (0,2^61 * 1024 `div` 1025) []
array (0,<interactive>: internal error: evacuate: strange closure type 2131681697
    (GHC version 7.8.1 for x86_64_unknown_linux)
    Please report this as a GHC bug:

You can get a variety of other errors too. The array size is chosen so that the total size (in words) passed to allocate is just a bit over 261. The computation of req_blocks overflows:

        W_ req_blocks =  (W_)BLOCK_ROUND_UP(n*sizeof(W_)) / BLOCK_SIZE;

Change History (3)

comment:1 Changed 3 years ago by Reid Barton <rwbarton@…>

In db64180896b395283f443d66a308048c605b217d/ghc:

Check for integer overflow in allocate() (#9172)

Summary: Check for integer overflow in allocate() (#9172)

Test Plan: validate

Reviewers: austin

Reviewed By: austin

Subscribers: simonmar, relrod, carter

Differential Revision:

comment:2 Changed 3 years ago by rwbarton

Milestone: 7.8.4
Status: newmerge

No rush on merging this because there are a fair number of similar issues that I intend to also fix at some point. In fact I would be totally fine with leaving it out of 7.8 completely.

comment:3 Changed 3 years ago by thoughtpolice

Resolution: fixed
Status: mergeclosed
Note: See TracTickets for help on using tickets.