Translator: Don't cap object sizes to INT_MAX

The calculations are done in size_t, so the cap is changed to size_t's MAX value instead.

Fixes a crash if a _very_ big struct is declared, but used only in a way that's constant folded. The test itself is impossible to put in the CQ due to its long execution time.

Bug: chromium:513468021
Change-Id: Ia378f915ed509ce52162153054229cc22a9a91af
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/7865643
Commit-Queue: Shahbaz Youssefi <syoussefi@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>
diff --git a/src/compiler/translator/Types.cpp b/src/compiler/translator/Types.cpp index a3564df..42ccdcc 100644 --- a/src/compiler/translator/Types.cpp +++ b/src/compiler/translator/Types.cpp
@@ -517,8 +517,10 @@ for (size_t arraySize : mArraySizes) { - if (arraySize > INT_MAX / totalSize) - totalSize = INT_MAX; + if (arraySize > std::numeric_limits<size_t>::max() / totalSize) + { + totalSize = std::numeric_limits<size_t>::max(); + } else totalSize *= arraySize; } @@ -877,8 +879,10 @@ for (const TField *field : *mFields) { size_t fieldSize = field->type()->getObjectSize(); - if (fieldSize > INT_MAX - size) - size = INT_MAX; + if (fieldSize > std::numeric_limits<size_t>::max() - size) + { + size = std::numeric_limits<size_t>::max(); + } else size += fieldSize; }
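Review bot: in the array-size hunk (`@@ -517,8 +517,10 @@`) the `else totalSize *= arraySize;` arm is still brace-less while the new `if` body gained braces, so the two arms of one conditional now use different styles; give the else braces as well (`else` / `{` / `totalSize *= arraySize;` / `}`). Two things the hunk does not show and that are worth confirming: that Types.cpp includes `<limits>` for `std::numeric_limits`, and that every caller which sizes an allocation from this product treats a saturated `std::numeric_limits<size_t>::max()` as an error rather than as a byte count, since the saturated value no longer fits in an int and a caller-side `INT_MAX` comparison would not catch it.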
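Review bot: the struct-size hunk (`@@ -877,8 +879,10 @@`) duplicates the saturating pattern of the array-size hunk, down to the repeated `std::numeric_limits<size_t>::max()` expression; a small shared helper for the saturating add and multiply would keep both sites consistent if the cap ever changes again. The brace inconsistency is the same here: the new `if` has braces, `else size += fieldSize;` does not. One behavioural detail to note: a field whose own `getObjectSize()` already returned the saturated maximum will saturate the enclosing struct total too (with `size > 0` the comparison `fieldSize > max - size` holds, and with `size == 0` the addition lands on the maximum), so the sentinel propagates up through nested structs, which is the intended outcome but means the caller-side check is needed at every level, not only for the outermost type.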