[fpc-devel] Overflow in TMemoryStream?
Martok
listbox at martoks-place.de
Sun Sep 11 20:07:22 CEST 2016
Hi,
yes, I can confirm this as an overflow, but on its own, it should be safe. Above
430MB, the stream doesn't grow by a quarter but just by however much was
requested; luckily, the branch fails before the wrong capacity could be set.
Test:
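  {$mode objfpc}
  uses
    Classes; // TMemoryStream

  type
    // empty subclass declared here so protected members such as Capacity are reachable
    TMS2 = class(TMemoryStream) end;
  var
    ms: TMS2;
    ds: Int64;
  begin
    ds:= 100*1000*1000;
    ms:= TMS2.Create;
    ms.SetSize(ds);
    // columns: requested size, reported Size, allocated Capacity
    WriteLn(ds:15,' ', ms.Size:15, ' ', ms.Capacity:15);
    inc(ds, ds div 10); // grow by less than 25%
    ms.SetSize(ds);
    WriteLn(ds:15,' ', ms.Size:15, ' ', ms.Capacity:15);
  end.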
with ds=100M, prints:
100000000 100000000 100003840
110000000 110000000 125005824 << grew by 1/4*100M
with ds=500M, prints:
500000000 500000000 500002816
550000000 550000000 550002688 << bug, grew by 1/10*500M
However, with ds=869M, prints:
869000000 869000000 869003264
955900000 18666185569013440 955904000
and mostly crashes with Runtime Error 203 except when I'm step-by-step-debugging
it...
That looks like a *separate* overflow to me, probably caused by the wild mix of
Int64 and Longint that our Streams inherited from Delphi...
I don't have RTL built with full symbols right now, maybe someone else can
investigate?
Martok
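
Added example, not part of the message above and not the RTL's own code: a small model of the growth branch that compares a 32-bit and a 64-bit calculation of "grow by a quarter". It assumes the rule is (5*Capacity) div 4 computed in a Longint and that capacities are rounded up to 4096-byte blocks; neither is stated in the post, but under those assumptions the 32-bit column gives the two capacities printed there (125005824 and 550002688). AlignUp, NextCapacity and BlockSize are hypothetical names.

```pascal
program GrowthModel;
{$mode objfpc}{$Q-}{$R-}  // no overflow/range traps; the wrap is made explicit below

const
  BlockSize = 4096; // assumed allocation granularity

// Round a byte count up to the next multiple of BlockSize.
function AlignUp(n: Int64): Int64;
begin
  Result := ((n + BlockSize - 1) div BlockSize) * BlockSize;
end;

// Assumed growth rule: a request that grows the stream by less than a quarter
// is bumped to 5/4 of the current capacity.
// Narrow=True truncates 5*Cap to a Longint first; Narrow=False stays in Int64.
function NextCapacity(Cap, Wanted: Int64; Narrow: Boolean): Int64;
var
  Grown: Int64;
begin
  if Narrow then
    Grown := Longint(5 * Cap) div 4   // explicit cast wraps modulo 2^32
  else
    Grown := (5 * Cap) div 4;
  // When Grown has wrapped negative this test fails, so the capacity is never
  // set to the bogus value; the stream just grows to what was requested.
  if (Wanted > Cap) and (Wanted < Grown) then
    Wanted := Grown;
  Result := AlignUp(Wanted);
end;

// Same steps as the test in the post: size the stream, then grow it by 10%.
procedure Show(Size: Int64);
var
  Cap, Wanted: Int64;
begin
  Cap := AlignUp(Size);
  Wanted := Size + Size div 10;
  WriteLn(Size:12, Cap:12, NextCapacity(Cap, Wanted, True):12,
          NextCapacity(Cap, Wanted, False):12);
end;

begin
  WriteLn('size':12, 'capacity':12, '32-bit':12, '64-bit':12);
  Show(100 * 1000 * 1000);
  Show(500 * 1000 * 1000);
  // Largest capacity for which 5*Cap still fits in a Longint:
  WriteLn('5*Cap fits up to: ', High(Longint) div 5);
end.
```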