signed integer overflow in regcomp.c:3885

Front page | perl.perl5.porters | Postings from November 2012

signed integer overflow in regcomp.c:3885

From:

Reini Urban

Date:

November 29, 2012 21:43

Subject:

signed integer overflow in regcomp.c:3885

Message ID:

CAHiT=DGLffq2zbBjg1y8+m8GACJzx00FiSZWGj8Br8fYrwMSpw@mail.gmail.com

clang svn has now a new checker -fsanitize=undefined

And it found this problem in blead:
./miniperl -Ilib -Idist/Cwd -Idist/Cwd/lib -Idist/Carp/lib pod/perlmodlib.PL -q
regcomp.c:3885:21: fatal error: signed integer overflow: 2 +
2147483647 cannot be represented in type 'int'

		delta += (minnext + deltanext) * maxcount - minnext * mincount;

2            + I32_MAX
(minnext + deltanext)

Since introducing a temp. U32 deltatmp to hold minnext + deltanext did not help,
we need to change the logic to be safe.

		U32 deltatmp = (minnext + deltanext) * maxcount;
		delta += (U32)(deltatmp - minnext * mincount);

-- 
Reini Urban
http://cpanel.net/   http://www.perl-compiler.org/

signed integer overflow in regcomp.c:3885 by Reini Urban

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About