public inbox for binutils-cvs@sourceware.org
help / color / mirror / Atom feed
* [binutils-gdb] ubsan: signed integer overflow in atof_generic
@ 2022-06-02 9:06 Alan Modra
0 siblings, 0 replies; only message in thread
From: Alan Modra @ 2022-06-02 9:06 UTC (permalink / raw)
To: bfd-cvs
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b038f394a9fb41b3bc45a55e6bffac5bac9fe9ef
commit b038f394a9fb41b3bc45a55e6bffac5bac9fe9ef
Author: Alan Modra <amodra@gmail.com>
Date: Thu Jun 2 18:28:57 2022 +0930
ubsan: signed integer overflow in atof_generic
Fix the signed overflows by using unsigned variables and detect
overflow at BUG! comment.
* atof-generic.c (atof_generic): Avoid signed integer overflow.
Return ERROR_EXPONENT_OVERFLOW if exponent overflows a long.
Diff:
---
gas/atof-generic.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/gas/atof-generic.c b/gas/atof-generic.c
index c3f818d9489..91583194868 100644
--- a/gas/atof-generic.c
+++ b/gas/atof-generic.c
@@ -72,11 +72,11 @@ atof_generic (/* return pointer to just AFTER number we read. */
const char *string_of_decimal_exponent_marks,
FLONUM_TYPE *address_of_generic_floating_point_number)
{
- int return_value; /* 0 means OK. */
+ int return_value = 0; /* 0 means OK. */
char *first_digit;
unsigned int number_of_digits_before_decimal;
unsigned int number_of_digits_after_decimal;
- long decimal_exponent;
+ unsigned long decimal_exponent;
unsigned int number_of_digits_available;
char digits_sign_char;
@@ -204,7 +204,7 @@ atof_generic (/* return pointer to just AFTER number we read. */
deleting zeros after decimal. In this case the decimal mark and
the first zero digits after decimal mark are skipped. */
seen_significant_digit = 0;
- signed long subtract_decimal_exponent = 0;
+ unsigned long subtract_decimal_exponent = 0;
if (c && IS_DECIMAL_MARK (c))
{
@@ -300,10 +300,11 @@ atof_generic (/* return pointer to just AFTER number we read. */
{
if (ISDIGIT (c))
{
+ if (decimal_exponent > LONG_MAX / 10
+ || (decimal_exponent == LONG_MAX / 10
+ && c > '0' + (char) (LONG_MAX - LONG_MAX / 10 * 10)))
+ return_value = ERROR_EXPONENT_OVERFLOW;
decimal_exponent = decimal_exponent * 10 + c - '0';
- /*
- * BUG! If we overflow here, we lose!
- */
}
else
{
@@ -327,7 +328,6 @@ atof_generic (/* return pointer to just AFTER number we read. */
number_of_digits_available =
number_of_digits_before_decimal + number_of_digits_after_decimal;
- return_value = 0;
if (number_of_digits_available == 0)
{
address_of_generic_floating_point_number->exponent = 0; /* Not strictly necessary */
@@ -505,7 +505,7 @@ atof_generic (/* return pointer to just AFTER number we read. */
size_of_power_in_littlenums = precision;
/* Precision has a built-in fudge factor so we get a few guard bits. */
- decimal_exponent_is_negative = decimal_exponent < 0;
+ decimal_exponent_is_negative = (long) decimal_exponent < 0;
if (decimal_exponent_is_negative)
{
decimal_exponent = -decimal_exponent;
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-06-02 9:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-02 9:06 [binutils-gdb] ubsan: signed integer overflow in atof_generic Alan Modra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).