Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 6 Nov 2011 23:28:41 +0100
From: Pascal Cuoq <pascal.cuoq@...il.com>
To: musl@...ts.openwall.com
Subject: Re: Undefined behavior in atoi()

On Sun, Nov 6, 2011 at 10:21 PM, Rich Felker <dalias@...ifal.cx> wrote:

>
> Thanks. How did you manage to find this bug? Just browsing source?
>

I was looking at implementations for strtod() (long story for another time)
and I noticed that this library was the most pleasant C code I had
seen in months (seriously), so I lingered a bit. So, the straightforward
answer is "yes, code review".

The slightly longer answer is that I have done the formal verification of
"string to number" C functions in the past, found that they were correct,
noticed the opposite trick, and somehow the relationship
between the two clicked. So I was looking for a classic pitfall here.

Since my previous e-mail, I have been analyzing a few more cases for fun,
and musl's original code also has this issue for the 40 or so values
below LONG_MAX.

The problem is then:

src/stdlib/atol.orig.c:14:[kernel] warning: Signed overflow.
                  assert (long)((long)10*n)+(long)*tmp_0 ≤
9223372036854775807LL;

That is, you should in any case subtract '0' from the digit before adding
it in
at line 14. In the case of atoll() on IA32, it will even be more efficient.

Pascal

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.