Catch too large memory allocations that cause size_t to wrap
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
diff --git a/fio.c b/fio.c
index 92cb657..29fecb7 100644
--- a/fio.c
+++ b/fio.c
@@ -588,6 +588,7 @@
static int init_io_u(struct thread_data *td)
{
+ unsigned long long buf_size;
struct io_u *io_u;
unsigned int max_bs;
int i, max_units;
@@ -599,7 +600,14 @@
max_units = td->o.iodepth;
max_bs = max(td->o.max_bs[DDIR_READ], td->o.max_bs[DDIR_WRITE]);
- td->orig_buffer_size = page_mask + (max_bs * max_units);
+ buf_size = (unsigned long long) max_bs * (unsigned long long) max_units;
+ buf_size += page_mask;
+ if (buf_size != (size_t) buf_size) {
+ log_err("fio: IO memory too large. Reduce max_bs or iodepth\n");
+ return 1;
+ }
+
+ td->orig_buffer_size = buf_size;
if (td->o.mem_type == MEM_SHMHUGE || td->o.mem_type == MEM_MMAPHUGE)
td->orig_buffer_size = (td->orig_buffer_size + td->o.hugepage_size - 1) & ~(td->o.hugepage_size - 1);
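Review bot: The hugepage round-up on the last line of this hunk still runs after the new size_t check, so `td->orig_buffer_size + td->o.hugepage_size - 1` can wrap when the checked size lies within one hugepage of the size_t limit. That would presumably leave the buffer smaller than the I/O units expect, which is the condition the commit sets out to reject. Rounding in the 64-bit variable before the comparison closes the gap: under the same mem_type condition, put `buf_size = (buf_size + td->o.hugepage_size - 1) & ~((unsigned long long) td->o.hugepage_size - 1);` ahead of the `if (buf_size != (size_t) buf_size)` test and assign td->orig_buffer_size last. The cast inside the mask is needed only if hugepage_size is narrower than 64 bits; neither its declaration nor that of orig_buffer_size is visible here, so both widths are assumptions to confirm. init_io_u continues past the end of the hunk, so any later additions to the size before allocation are not covered by this note.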