From d409e44cfb7b2a323658f4b6fd6d5bb3a9104889 Mon Sep 17 00:00:00 2001
From: Dmitriy Vyukov <dvyukov@google.com>
Date: Tue, 28 Jan 2014 22:37:35 +0400
Subject: [PATCH] runtime: fix buffer overflow in make(chan) On 32-bits one can
 arrange make(chan) params so that the chan buffer gives you access to whole
 memory.

LGTM=r
R=golang-codereviews, r
CC=bradfitz, golang-codereviews, iant, khr
https://golang.org/cl/50250045
---
 src/pkg/runtime/chan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pkg/runtime/chan.c b/src/pkg/runtime/chan.c
index fd382f80f1..a0c285eadb 100644
--- a/src/pkg/runtime/chan.c
+++ b/src/pkg/runtime/chan.c
@@ -104,7 +104,7 @@ runtime·makechan_c(ChanType *t, int64 hint)
 	if((sizeof(*c)%MAXALIGN) != 0 || elem->align > MAXALIGN)
 		runtime·throw("makechan: bad alignment");
 
-	if(hint < 0 || (intgo)hint != hint || (elem->size > 0 && hint > MaxMem / elem->size))
+	if(hint < 0 || (intgo)hint != hint || (elem->size > 0 && hint > (MaxMem - sizeof(*c)) / elem->size))
 		runtime·panicstring("makechan: size out of range");
 
 	// allocate memory in one call
-- 
2.48.1