From e9e8dd93f057587e295fb9fb75721ae38076c722 Mon Sep 17 00:00:00 2001
From: Sven Verdoolaege <skimo@kotnet.org>
Date: Fri, 20 Feb 2015 11:50:37 +0100
Subject: [PATCH] isl_map_simplify.c: handle overflow in round_up

If the number of integer divisions or inequalities is extremely large,
then round_up may in theory return 0, although it is far more likely
that memory will have been exhausted first.  Handle this extreme case
anyway.

Detected by a scan_build on Polly.

Signed-off-by: Sven Verdoolaege <skimo@kotnet.org>
---
 isl_map_simplify.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/isl_map_simplify.c b/isl_map_simplify.c
index ade600ac..8609b210 100644
--- a/isl_map_simplify.c
+++ b/isl_map_simplify.c
@@ -735,8 +735,10 @@ static struct isl_basic_map *remove_duplicate_divs(
 	if (k <= 0)
 		return bmap;
 
-	elim_for = isl_calloc_array(ctx, int, bmap->n_div);
 	size = round_up(4 * bmap->n_div / 3 - 1);
+	if (size == 0)
+		return bmap;
+	elim_for = isl_calloc_array(ctx, int, bmap->n_div);
 	bits = ffs(size) - 1;
 	index = isl_calloc_array(ctx, int, size);
 	if (!elim_for || !index)
@@ -1128,6 +1130,8 @@ __isl_give isl_basic_map *isl_basic_map_remove_duplicate_constraints(
 		return bmap;
 
 	size = round_up(4 * (bmap->n_ineq+1) / 3 - 1);
+	if (size == 0)
+		return bmap;
 	bits = ffs(size) - 1;
 	ctx = isl_basic_map_get_ctx(bmap);
 	index = isl_calloc_array(ctx, isl_int **, size);
@@ -1736,6 +1740,8 @@ static struct isl_basic_set *remove_shifted_constraints(
 		return NULL;
 
 	size = round_up(4 * (context->n_ineq+1) / 3 - 1);
+	if (size == 0)
+		return bset;
 	bits = ffs(size) - 1;
 	ctx = isl_basic_set_get_ctx(bset);
 	index = isl_calloc_array(ctx, isl_int **, size);
-- 
2.11.4.GIT