integer overflow in pk_ipow
From: Bruno Haible
Subject: integer overflow in pk_ipow
Date: Fri, 19 Feb 2021 14:57:58 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-201-generic; KDE/5.18.0; x86_64; ; )
On Ubuntu 16.04 (x86_64, with CC="gcc -ftrapv") I get 4 test suite failures.
One of these is
FAIL: poke.pkl/pow-integers-3.pk execution test
It is easy to reproduce:
$ poke
(poke) var x = 2;
(poke) x ** -1
Abgebrochen (Speicherabzug geschrieben)
-1 is being interpreted as 0xFFFFFFFFU. We can see what's happening with
smaller numbers:
$ poke
(poke) var x = 2;
(poke) x ** 61
0x0
(poke) x ** 62
0x0
(poke) x ** 63
Abgebrochen (Speicherabzug geschrieben)
In the debugger:
(poke) var x = 2;
(poke) x ** 63
Thread 1 "poke" received signal SIGABRT, Aborted.
0x00007ffff6e2c438 in __GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht
gefunden.
(gdb) where
#0 0x00007ffff6e2c438 in __GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff6e2e03a in __GI_abort () at abort.c:89
#2 0x00007ffff7ba43ca in __mulvdi3 () from /inst-x86_64-64/lib/libpoke.so.0
#3 0x00007ffff7b7c380 in pk_ipow (base=4294967296, exp=1) at
../../libpoke/../common/pk-utils.c:82
#4 0x00007ffff7b879aa in pvm_execute_or_initialize (jitter_initialize=22,
jitter_initial_program_point=0xac5670,
jitter_original_state=0x632310) at ../../libpoke/pvm.jitter:2463
#5 0x00007ffff7b6de6d in pvm_run (apvm=0x632310, program=0xb242a0,
res=0x7fffffffd5b0) at ../../libpoke/pvm.c:158
#6 0x00007ffff7adcf09 in pkl_execute_statement (compiler=0x63b2f0,
buffer=0xac52a0 "x ** 63;", end=0x7fffffffd5f0, val=0x7fffffffd5b0)
at ../../libpoke/pkl.c:363
#7 0x00007ffff7ada026 in pk_compile_statement (pkc=0x636f00, buffer=0xac52a0
"x ** 63;", end=0x7fffffffd5f0, valp=0x7fffffffd5f8)
at ../../libpoke/libpoke.c:132
#8 0x00000000004099c5 in pk_cmd_exec (str=0xab6db0 "x ** 63") at
../../poke/pk-cmd.c:633
#9 0x00000000004085cd in pk_repl () at ../../poke/pk-repl.c:386
#10 0x0000000000406b07 in main (argc=1, argv=0x7fffffffd808) at
../../poke/poke.c:705
You can see that pk_ipow has no problems producing 2^62. But when it
multiplies 2^62 by 2, it overflows the int64_t range. Signed integer
overflow has undefined behaviour in ISO C. Therefore the option '-ftrapv'
arranges for it to produce an abort().
I would suggest rewriting pk_ipow in such a way that it detects an overflow
before it actually happens. The intprops.h file from Gnulib contains the
necessary primitives for doing this.
Bruno
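The overflow-before-it-happens approach the mail suggests, as an added example that is neither poke's pk_ipow nor Gnulib code: exponentiation by squaring on int64_t where every multiplication is checked with GCC/Clang's __builtin_mul_overflow, the same builtin that intprops.h's INT_MULTIPLY_WRAPV wraps on modern compilers. The function name ipow_checked, its bool/out-parameter interface and the rejection of negative exponents are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Checked integer power: computes base**exp into *result.
   Returns true on success, false if the result does not fit in int64_t
   or if exp is negative (so that -1 is never reinterpreted as a huge
   unsigned exponent, as happened in the report above).
   Each multiplication is tested with __builtin_mul_overflow before its
   value is used, so no signed overflow ever occurs and -ftrapv cannot
   fire.  This is an added example, not poke's or Gnulib's code. */
bool ipow_checked(int64_t base, int64_t exp, int64_t *result)
{
    if (exp < 0)
        return false;
    int64_t acc = 1;
    int64_t b = base;
    while (exp > 0) {
        if (exp & 1) {
            /* acc *= b, but only if the product is representable */
            if (__builtin_mul_overflow(acc, b, &acc))
                return false;
        }
        exp >>= 1;
        /* Square the base only while another factor is still needed;
           with |base| >= 2 an unrepresentable square cannot lead to a
           representable final result, so failing here is exact. */
        if (exp > 0 && __builtin_mul_overflow(b, b, &b))
            return false;
    }
    *result = acc;
    return true;
}

int main(void)
{
    /* The cases from the report: 2**62 fits, 2**63 and 2**-1 do not. */
    int64_t cases[][2] = { {2, 61}, {2, 62}, {2, 63}, {-2, 63}, {2, -1} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int64_t r;
        if (ipow_checked(cases[i][0], cases[i][1], &r))
            printf("%lld ** %lld = %lld\n", (long long)cases[i][0],
                   (long long)cases[i][1], (long long)r);
        else
            printf("%lld ** %lld: does not fit in int64_t\n",
                   (long long)cases[i][0], (long long)cases[i][1]);
    }
    return 0;
}
```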