Date: Sun, 6 Nov 2011 23:28:41 +0100 From: Pascal Cuoq <pascal.cuoq@...il.com> To: musl@...ts.openwall.com Subject: Re: Undefined behavior in atoi() On Sun, Nov 6, 2011 at 10:21 PM, Rich Felker <dalias@...ifal.cx> wrote: > > Thanks. How did you manage to find this bug? Just browsing source? > I was looking at implementations for strtod() (long story for another time) and I noticed that this library was the most pleasant C code I had seen in months (seriously), so I lingered a bit. So, the straightforward answer is "yes, code review". The slightly longer answer is that I have done the formal verification of "string to number" C functions in the past, found that they were correct, noticed the opposite trick, and somehow the relationship between the two clicked. So I was looking for a classic pitfall here. Since my previous e-mail, I have been analyzing a few more cases for fun, and musl's original code also has this issue for the 40 or so values below LONG_MAX. The problem is then: src/stdlib/atol.orig.c:14:[kernel] warning: Signed overflow. assert (long)((long)10*n)+(long)*tmp_0 ≤ 9223372036854775807LL; That is, you should in any case subtract '0' from the digit before adding it in at line 14. In the case of atoll() on IA32, it will even be more efficient. Pascal Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.