From 49a3f3a2675b275750e160fc8fa30b21241f8f8e Mon Sep 17 00:00:00 2001
From: Yichao Yu
Date: Mon, 18 May 2015 12:48:44 -0400
Subject: [PATCH] throw OverflowError instead of SegFault/Do sth random later when the field offset/size overflow.

Improve #11320
---
 src/alloc.c | 4 ++++
 src/julia.h | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/src/alloc.c b/src/alloc.c
index 8c0fd24bf4778..913982d236e74 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -534,6 +534,8 @@ void jl_compute_field_offsets(jl_datatype_t *st)
         size_t fsz, al;
         if (jl_isbits(ty) && jl_is_leaf_type(ty)) {
             fsz = jl_datatype_size(ty);
+            if (__unlikely(fsz > JL_FIELD_MAX_SIZE))
+                jl_throw(jl_overflow_exception);
             al = ((jl_datatype_t*)ty)->alignment;
             st->fields[i].isptr = 0;
         }
@@ -550,6 +552,8 @@ void jl_compute_field_offsets(jl_datatype_t *st)
             if (al > alignm)
                 alignm = al;
         }
+        if (__unlikely(sz > JL_FIELD_MAX_OFFSET))
+            jl_throw(jl_overflow_exception);
         st->fields[i].offset = sz;
         st->fields[i].size = fsz;
         sz += fsz;
diff --git a/src/julia.h b/src/julia.h
index d55528f51b6bd..220094791f51a 100644
--- a/src/julia.h
+++ b/src/julia.h
@@ -265,6 +265,9 @@ typedef struct {
     uint16_t isptr:1;
 } jl_fielddesc_t;
 
+#define JL_FIELD_MAX_OFFSET ((1ul << 16) - 1ul)
+#define JL_FIELD_MAX_SIZE ((1ul << 15) - 1ul)
+
 typedef struct _jl_datatype_t {
     JL_DATA_TYPE
     jl_typename_t *name;
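Review bot: The added `jl_throw(jl_overflow_exception)` fires after earlier loop iterations have already written `st->fields[0..i-1]` and before `st->fields[i]` is filled, so if the exception is caught and `st` remains reachable it carries a half-populated field table; the same applies to the offset check in the second alloc.c hunk. Whether callers can still observe `st` after the throw is not visible here — if they can, consider validating every field's size and offset before storing any of them, or documenting that `st` must be discarded once this function throws. A short why-comment would also help the next reader, e.g. `// reject sizes that do not fit the jl_fielddesc_t size bitfield (see JL_FIELD_MAX_SIZE)`, since an OverflowError from a type definition is otherwise surprising. The body of jl_compute_field_offsets starts and ends outside the hunk.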
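Review bot: The bound on `fsz` is enforced only inside the isbits branch in the first hunk, while `st->fields[i].size = fsz` here stores whatever value the other branch (outside this hunk) assigned; if that branch can ever produce something other than a pointer-sized value, the store is unchecked. Placing the size check next to the new offset check, immediately before the two stores, would guard the store regardless of which branch computed `fsz`: `if (__unlikely(fsz > JL_FIELD_MAX_SIZE || sz > JL_FIELD_MAX_OFFSET))` followed by `jl_throw(jl_overflow_exception);`. The enclosing loop and function begin and end outside the hunk.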
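Review bot: `JL_FIELD_MAX_OFFSET` and `JL_FIELD_MAX_SIZE` hard-code 16- and 15-bit limits with nothing tying them to the bitfield widths in `jl_fielddesc_t` just above, so a later change to the struct's `size`/`offset` widths (only `isptr:1` is visible in this hunk) would silently desynchronize the checks in alloc.c from the storage they protect. A comment at the definitions would make the coupling explicit, e.g. `/* upper bounds for jl_fielddesc_t.offset and .size; must match those bitfield widths */`. The values are `unsigned long`, which compares cleanly against the `size_t` operands used in alloc.c on all supported targets.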