Date: Fri, 17 Jul 2015 18:28:00 +0000 From: Loïc Runarvot <loic.runarvot@...st-in-soft.com> To: "musl@...ts.openwall.com" <musl@...ts.openwall.com> Subject: Left-shift of negative number According to the C11 standard, doing a left-shift on a negative integer is considered as an undefined behavior (6.5.7:4). This undefined behavior occurs in files src/multibyte/internal.c and src/multibyte/internal.h. At line 21 in the header (http://git.musl-libc.org/cgit/musl/tree/src/multibyte/internal.h?id=0f9c2666aca95eb98eb0ef4f4d8d1473c8ce3fa0#n21), the implementation of the macro-definition R allow to have a negative value on the expression ((a == 0x80) ? 0x40-b : -a) << 23. In fact, in the source file, at the line 11 (http://git.musl-libc.org/cgit/musl/tree/src/multibyte/internal.c?id=0f9c2666aca95eb98eb0ef4f4d8d1473c8ce3fa0#n11). During the application of the macro-definition R(0x90, 0xc0), we have a != 0x90, so it's try to do (-0x90) << 23, which is an undefined behavior. This bug was found in the context of the libc cross-testing project (a post blog has been written on this subject yesterday: http://trust-in-soft.com/the-libc-cross-testing-project) Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.