From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vries@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2205)
 id B5CAF38F861C; Mon, 23 May 2022 12:50:12 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B5CAF38F861C
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Tom de Vries <vries@sourceware.org>
To: gdb-cvs@sourceware.org
Subject: [binutils-gdb] [gdb/exp] Fix UB in scalar_binop
X-Act-Checkin: binutils-gdb
X-Git-Author: Tom de Vries <tdevries@suse.de>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 05527d8ca1082b4607e9ddc3209691f454b3b186
X-Git-Newrev: 5a3cf18c2ed9593f194ea22f50ea5651532f6cfc
Message-Id: <20220523125012.B5CAF38F861C@sourceware.org>
Date: Mon, 23 May 2022 12:50:12 +0000 (GMT)
X-BeenThere: gdb-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gdb-cvs mailing list <gdb-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/gdb-cvs>,
 <mailto:gdb-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/gdb-cvs/>
List-Help: <mailto:gdb-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/gdb-cvs>,
 <mailto:gdb-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2022 12:50:12 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D5a3cf18c2ed9=
593f194ea22f50ea5651532f6cfc

commit 5a3cf18c2ed9593f194ea22f50ea5651532f6cfc
Author: Tom de Vries <tdevries@suse.de>
Date:   Mon May 23 14:50:02 2022 +0200

    [gdb/exp] Fix UB in scalar_binop
   =20
    When building gdb with -fsanitize=3Dundefined, I run into:
    ...
    $ gdb -q -batch -ex "p -(-0x7fffffffffffffff - 1)"
    src/gdb/valarith.c:1385:10: runtime error: signed integer overflow: \
      0 - -9223372036854775808 cannot be represented in type 'long int'
    $1 =3D -9223372036854775808
    ...
   =20
    Fix this by performing the substraction in scalar_binop using unsigned =
types.
   =20
    Tested on x86_64-linux.

Diff:
---
 gdb/testsuite/gdb.base/arithmet.exp | 2 ++
 gdb/valarith.c                      | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/gdb/testsuite/gdb.base/arithmet.exp b/gdb/testsuite/gdb.base/a=
rithmet.exp
index b6009a36235..4905c2e2706 100644
--- a/gdb/testsuite/gdb.base/arithmet.exp
+++ b/gdb/testsuite/gdb.base/arithmet.exp
@@ -98,3 +98,5 @@ gdb_test "print x-(y+w)"  "3"
 gdb_test "print x/(y*w)"  "0"
 gdb_test "print x-(y/w)"  "9"
 gdb_test "print (x+y)*w" "42"
+
+gdb_test "p /x -(-0x7fffffffffffffff - 1)" " =3D 0x8000000000000000"
diff --git a/gdb/valarith.c b/gdb/valarith.c
index 6210267826e..526cc02599e 100644
--- a/gdb/valarith.c
+++ b/gdb/valarith.c
@@ -1382,7 +1382,10 @@ scalar_binop (struct value *arg1, struct value *arg2=
, enum exp_opcode op)
 	      break;
=20
 	    case BINOP_SUB:
-	      v =3D v1 - v2;
+	      /* Avoid runtime error: signed integer overflow: \
+		 0 - -9223372036854775808 cannot be represented in type
+		 'long int'.  */
+	      v =3D (ULONGEST)v1 - (ULONGEST)v2;
 	      break;
=20
 	    case BINOP_MUL: