Subject: -fsanitize=undefined detects undefined behaviour in signed shift overflow
From: Sergei Trofimovich
Date: Sat, 8 May 2021 20:55:48 +0100
Hello ncurses maintainers!
In search of an unrelated bug I built a few local tools with the
`-fsanitize=undefined` gcc option to catch a suspected undefined
behaviour.
Among other things, ncurses was flagged in ncurses-based applications as:
    ncurses/tinfo/read_entry.c:111:19: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
which looks like a real (perhaps minor) problem:
    #else
    static size_t
    convert_32bits(char *buf, NCURSES_INT2 *Numbers, int count)
    {
        int i, j;
        unsigned char ch;
        for (i = 0; i < count; i++) {
            int value = 0;
            for (j = 0; j < SIZEOF_32BITS; ++j) {
                ch = UChar(*buf++);
                /* line 111: */ value |= (ch << (8 * j));
            }
            if (value == -1)
                Numbers[i] = ABSENT_NUMERIC;
            else if (value == -2)
                Numbers[i] = CANCELLED_NUMERIC;
            else if (value > MAX_OF_TYPE(NCURSES_INT2))
                Numbers[i] = MAX_OF_TYPE(NCURSES_INT2);
            else
                Numbers[i] = (short) value;
            TR(TRACE_DATABASE, ("get Numbers[%d]=%d", i, Numbers[i]));
        }
        return SIZEOF_SHORT;
    }
Would it make sense to clean the code up to avoid the signed-shift overflow
in line 111?
Steps to reproduce on an x86_64-pc-linux-gnu gcc-11.1.0 system:
    $ git clone https://github.com/mirror/ncurses.git
    $ cd ncurses
    $ ./configure --enable-termcap CFLAGS='-O2 -g -fsanitize=undefined' \
        LDFLAGS='-O2 -g -fsanitize=undefined'
    $ make
    $ # progs/infocmp
    ../ncurses/./tinfo/read_entry.c:111:19: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
    # Reconstructed via infocmp from file: /usr/share/terminfo/s/screen-256color
    screen-256color|GNU Screen with 256 colors,
    ...
Thank you!
--
Sergei
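A defender-side version of the decoder the mail points at, as an added example that is not ncurses' own code: the four bytes are accumulated in an unsigned type (where `0xff << 24` is well defined), converted to a signed value without overflow, and then run through the same -1/-2/clamp mapping as `convert_32bits()`. The values of `SIZEOF_32BITS`, `ABSENT_NUMERIC` and `CANCELLED_NUMERIC`, and `NCURSES_INT2` being `short`, are assumptions taken from the quoted snippet; the input bytes are constructed.

```c
#include <stdint.h>
#include <limits.h>

/* Constants assumed from the ncurses snippet in the mail, not ncurses' headers. */
#define SIZEOF_32BITS     4
#define ABSENT_NUMERIC    (-1)
#define CANCELLED_NUMERIC (-2)

/* Decode a 4-byte little-endian number: accumulate in uint32_t (unsigned shifts
 * never overflow), then map the bit pattern to its two's-complement value. */
static int32_t decode_le32(const unsigned char *buf)
{
    uint32_t v = 0;
    for (int j = 0; j < SIZEOF_32BITS; ++j)
        v |= (uint32_t)buf[j] << (8 * j);   /* defined for every byte, even 0xff<<24 */
    if (v <= (uint32_t)INT32_MAX)
        return (int32_t)v;
    return -(int32_t)(UINT32_MAX - v) - 1; /* bit 31 set: negative, no overflow */
}

/* Same mapping as convert_32bits() in the mail, on top of the safe decoder.
 * Returns the number of input bytes consumed. */
static int convert_32bits_safe(const unsigned char *buf, short *numbers, int count)
{
    for (int i = 0; i < count; i++) {
        int32_t value = decode_le32(buf + i * SIZEOF_32BITS);
        if (value == -1)
            numbers[i] = ABSENT_NUMERIC;
        else if (value == -2)
            numbers[i] = CANCELLED_NUMERIC;
        else if (value > SHRT_MAX)
            numbers[i] = SHRT_MAX;
        else
            numbers[i] = (short)value;
    }
    return count * SIZEOF_32BITS;
}

/* Constructed input: four little-endian 32-bit fields, not real terminfo data. */
static const unsigned char sample[4 * SIZEOF_32BITS] = {
    0xff, 0xff, 0xff, 0xff,   /* -1 -> ABSENT_NUMERIC (the bytes that trip UBSan) */
    0xfe, 0xff, 0xff, 0xff,   /* -2 -> CANCELLED_NUMERIC */
    0x00, 0x00, 0x01, 0x00,   /* 65536 -> clamped to SHRT_MAX */
    0x10, 0x00, 0x00, 0x00,   /* 16 -> stored as-is */
};
static int sample_field(int i)  /* field i of the decoded constructed sample */
{
    short out[4];
    convert_32bits_safe(sample, out, 4);
    return out[i];
}
```

Building this with `-fsanitize=undefined` produces no runtime error, since every shift operates on an unsigned operand.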