develooper Front page | perl.perl5.porters | Postings from November 2012

signed integer overflow in regcomp.c:3885

Reini Urban
November 29, 2012 21:43
signed integer overflow in regcomp.c:3885
Message ID:
clang svn has now a new checker -fsanitize=undefined

And it found this problem in blead:
./miniperl -Ilib -Idist/Cwd -Idist/Cwd/lib -Idist/Carp/lib pod/perlmodlib.PL -q
regcomp.c:3885:21: fatal error: signed integer overflow: 2 +
2147483647 cannot be represented in type 'int'

		delta += (minnext + deltanext) * maxcount - minnext * mincount;

2            + I32_MAX
(minnext + deltanext)

Since introducing a temp. U32 deltatmp to hold minnext + deltanext did not help,
we need to change the logic to be safe.

		U32 deltatmp = (minnext + deltanext) * maxcount;
		delta += (U32)(deltatmp - minnext * mincount);

Reini Urban Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About