
Re: [patch] fixed signed int overflow (in move.c)

  • Bram Moolenaar
    Message 1 of 6 , Nov 7, 2012
      Dominique Pelle wrote:

      > Here are more signed int overflows with undefined behavior
      > discovered with the IOC tool (http://embed.cs.utah.edu/ioc/):
      >
      > CLANG ARITHMETIC UNDEFINED at <move.c, (2591:12)> : Op: +, Reason :
      > Signed Addition Overflow, BINARY OPERATION: left (int32): 2147483647
      > right (int32): 1
      >
      > CLANG ARITHMETIC UNDEFINED at <move.c, (2603:12)> : Op: +, Reason :
      > Signed Addition Overflow, BINARY OPERATION: left (int32): 2147483647
      > right (int32): 2147483647
      >
      > CLANG ARITHMETIC UNDEFINED at <move.c, (2603:41)> : Op: +, Reason :
      > Signed Addition Overflow, BINARY OPERATION: left (int32): 2147483647
      > right (int32): 1
      >
      > I can reproduce these overflows as follows:
      >
      > $ yes 1 | head -5 > 1
      > $ yes 2 | head -5 > 2
      > $ vim -u NONE -c 'set wrap' -d 1 2
      >
      > Then press <PgDown> followed by <PgUp> and the overflow happens.
      >
      > Even assuming a two's complement representation of
      > signed value, I think that code is still wrong here:
      >
      > move.c:
      >
      > 2591 if (h3 + h2 > min_height)
      > 2592 {
      > 2593 *lp = loff0; /* no overlap */
      > 2594 return;
      > 2595 }
      >
      > h3 and/or h2 are signed int variables. They can be
      > equal to MAXCOL (0x7fffffffL). So the addition
      > at line 2591 can overflow giving in general a negative
      > value (but in theory behavior is undefined for signed
      > int overflows). The intention of MAXCOL here was to
      > behave as a large height.
      >
      > Attached patch fixes it but please review it.
      >
      > IOC tool no longer complains with the patch.

      Thanks, I'll add this to the todo list.

      --
      Shift happens.
      -- Doppler

      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
      /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
      \\\ an exciting new programming language -- http://www.Zimbu.org ///
      \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php
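
An overflow-free way to write the kind of comparison discussed in the quoted report, as an added example (it is not the attached patch and not Vim's code). `sat_add` and `sum_exceeds` are hypothetical helpers, and `LARGE_HEIGHT` is a constructed stand-in for the MAXCOL sentinel.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the sentinel in the report (MAXCOL, 0x7fffffffL). */
#define LARGE_HEIGHT INT_MAX

/* Saturating signed add: the headroom is checked before adding, so the
 * addition itself never overflows. A "large" operand stays large, which
 * also makes three-term sums safe when the calls are chained. */
int sat_add(int a, int b)
{
    if (b > 0 && a > INT_MAX - b)
        return INT_MAX;              /* would exceed INT_MAX: clamp */
    if (b < 0 && a < INT_MIN - b)
        return INT_MIN;              /* would go below INT_MIN: clamp */
    return a + b;
}

/* Exact answer to "a + b > limit" without ever forming an overflowing sum. */
bool sum_exceeds(int a, int b, int limit)
{
    if (b > 0 && a > INT_MAX - b)
        return true;                 /* true sum > INT_MAX >= limit */
    if (b < 0 && a < INT_MIN - b)
        return false;                /* true sum < INT_MIN <= limit */
    return a + b > limit;            /* sum is representable here */
}

int main(void)
{
    int min_height = 10;             /* constructed sample value */

    /* Operand pairs taken from the IOC output quoted above. */
    printf("%d\n", sum_exceeds(LARGE_HEIGHT, 1, min_height));
    printf("%d\n", sum_exceeds(LARGE_HEIGHT, LARGE_HEIGHT, min_height));
    /* Two additions in one expression, chained through sat_add. */
    printf("%d\n", sat_add(sat_add(LARGE_HEIGHT, LARGE_HEIGHT), 1) > min_height);
    return 0;
}
```

Building with `-fsanitize=signed-integer-overflow` on Clang or GCC reports no runtime error for these inputs, because no addition is performed until the headroom check has passed.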