[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 30 Apr 2020 16:31:11 -0400
From: Jeffrey Walton <noloader@...il.com>
To: musl@...ts.openwall.com
Subject: Re: bug: integer overflow in memmem()
On Thu, Apr 30, 2020 at 2:30 PM Alfred Agrell <alfred@...ell.info> wrote:
>
> To reproduce: Compile src/string/memmem.c with -fsanitize=undefined, then
>
> int main()
> {
> char a[4] = { -1,-1,-1,-1 };
> memmem(a, 4, a, 3);
> memmem(a, 4, a, 4);
> }
>
> Expected result: No output
>
> Actual (Ubuntu 18.04 x86_64, gcc 7.5.0, ):
>
> memmem.c:15:20: runtime error: left shift of 255 by 24 places cannot be
> represented in type 'int'
> memmem.c:16:20: runtime error: left shift of 255 by 24 places cannot be
> represented in type 'int'
> memmem.c:24:20: runtime error: left shift of 255 by 24 places cannot be
> represented in type 'int'
> memmem.c:25:20: runtime error: left shift of 255 by 24 places cannot be
> represented in type 'int'
>...
>
> I'm not aware of any compiler on any platform where it'll actually
> break, so your choice whether this is a real bug. I didn't check if
> similar issues exist elsewhere across musl.
Try Intel ICC. It is ruthless and removes undefined behavior every
chance it gets. It can usually break a program with UB that GCC, Clang
and MSVC compile OK.
Jeff
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
