[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

integer overflow in pk_ipow

From: Bruno Haible
Subject: integer overflow in pk_ipow
Date: Fri, 19 Feb 2021 14:57:58 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-201-generic; KDE/5.18.0; x86_64; ; )

On Ubuntu 16.04 (x86_64, with CC="gcc -ftrapv") I get 4 test suite failures.
One of these is

FAIL: poke.pkl/pow-integers-3.pk execution test

It is easy to reproduce:

$ poke
(poke) var x = 2;
(poke) x ** -1
Abgebrochen (Speicherabzug geschrieben)

-1 is being interpreted like 0xFFFFFFFFU. We can see what's happening with
smaller numbers:

$ poke
(poke) var x = 2;
(poke) x ** 61
(poke) x ** 62
(poke) x ** 63
Abgebrochen (Speicherabzug geschrieben)

In the debugger:

(poke) var x = 2;
(poke) x ** 63

Thread 1 "poke" received signal SIGABRT, Aborted.
0x00007ffff6e2c438 in __GI_raise (sig=sig@entry=6) at 
54      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht 
(gdb) where
#0  0x00007ffff6e2c438 in __GI_raise (sig=sig@entry=6) at 
#1  0x00007ffff6e2e03a in __GI_abort () at abort.c:89
#2  0x00007ffff7ba43ca in __mulvdi3 () from /inst-x86_64-64/lib/libpoke.so.0
#3  0x00007ffff7b7c380 in pk_ipow (base=4294967296, exp=1) at 
#4  0x00007ffff7b879aa in pvm_execute_or_initialize (jitter_initialize=22, 
    jitter_original_state=0x632310) at ../../libpoke/pvm.jitter:2463
#5  0x00007ffff7b6de6d in pvm_run (apvm=0x632310, program=0xb242a0, 
res=0x7fffffffd5b0) at ../../libpoke/pvm.c:158
#6  0x00007ffff7adcf09 in pkl_execute_statement (compiler=0x63b2f0, 
buffer=0xac52a0 "x ** 63;", end=0x7fffffffd5f0, val=0x7fffffffd5b0)
    at ../../libpoke/pkl.c:363
#7  0x00007ffff7ada026 in pk_compile_statement (pkc=0x636f00, buffer=0xac52a0 
"x ** 63;", end=0x7fffffffd5f0, valp=0x7fffffffd5f8)
    at ../../libpoke/libpoke.c:132
#8  0x00000000004099c5 in pk_cmd_exec (str=0xab6db0 "x ** 63") at 
#9  0x00000000004085cd in pk_repl () at ../../poke/pk-repl.c:386
#10 0x0000000000406b07 in main (argc=1, argv=0x7fffffffd808) at 

You can see that pk_ipow has no problems producing 2^62. But when it
multiplies 2^62 with 2, it overflows the int64_t range. Signed integer
overflow has undefined behaviour in ISO C. Therefore the option '-ftrapv'
arranges for it to produce an abort().

I would suggest to rewrite pk_ipow in such a way that it detects an overflow
before it actually happens. The intprops.h file from Gnulib contains the
necessary primitives for doing this.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]