* [PATCH 1/2] [gdb/exp] Fix UB in scalar_binop
From: Tom de Vries @ 2022-05-17 15:40 UTC
To: gdb-patches

When building gdb with -fsanitize=undefined, I run into:
...
$ gdb -q -batch -ex "p -(-0x7fffffffffffffff - 1)"
src/gdb/valarith.c:1385:10: runtime error: signed integer overflow: \
0 - -9223372036854775808 cannot be represented in type 'long int'
$1 = -9223372036854775808
...

Fix this by performing the subtraction in scalar_binop using unsigned types.

Tested on x86_64-linux.
---
gdb/testsuite/gdb.base/arithmet.exp | 2 ++
gdb/valarith.c | 5 ++++-
2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/gdb/testsuite/gdb.base/arithmet.exp b/gdb/testsuite/gdb.base/arithmet.exp index b6009a36235..4905c2e2706 100644 --- a/gdb/testsuite/gdb.base/arithmet.exp +++ b/gdb/testsuite/gdb.base/arithmet.exp @@ -98,3 +98,5 @@ gdb_test "print x-(y+w)" "3" gdb_test "print x/(y*w)" "0" gdb_test "print x-(y/w)" "9" gdb_test "print (x+y)*w" "42" + +gdb_test "p /x -(-0x7fffffffffffffff - 1)" " = 0x8000000000000000" diff --git a/gdb/valarith.c b/gdb/valarith.c index 6210267826e..526cc02599e 100644 --- a/gdb/valarith.c +++ b/gdb/valarith.c @@ -1382,7 +1382,10 @@ scalar_binop (struct value *arg1, struct value *arg2, enum exp_opcode op) break; case BINOP_SUB: - v = v1 - v2; + /* Avoid runtime error: signed integer overflow: \ + 0 - -9223372036854775808 cannot be represented in type + 'long int'. */ + v = (ULONGEST)v1 - (ULONGEST)v2; break; case BINOP_MUL: base-commit: a1f2ddd38378c8db63e75daa28b7e304c2fd774f -- 2.35.3
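Review bot: In the scalar_binop hunk only the BINOP_SUB arm is moved to unsigned arithmetic, yet the trailing context shows `case BINOP_MUL:` directly after it; if that arm, or any other arithmetic arm of the switch, computes on the same signed v1 and v2, it can overflow the same way under -fsanitize=undefined and would merit the same cast or a shared helper. Two style points on the added lines: GNU formatting puts a space after a cast, `(ULONGEST) v1 - (ULONGEST) v2`, and the new comment carries over the `\` continuation from the wrapped sanitizer output, which can be dropped.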
* [PATCH 2/2] [gdbsupport] Fix UB in print-utils.cc:int_string
From: Tom de Vries @ 2022-05-17 15:40 UTC
To: gdb-patches

When building gdb with -fsanitize=undefined, I run into:
...
(gdb) PASS: gdb.ada/access_to_packed_array.exp: set logging enabled on
maint print symbols^M
print-utils.cc:281:29:runtime error: negation of -9223372036854775808 cannot \
be represented in type 'long int'; cast to an unsigned type to negate this \
value to itself
(gdb) FAIL: gdb.ada/access_to_packed_array.exp: maint print symbols
...

By running in a debug session, we find that this happens during printing of:
...
typedef system.storage_elements.storage_offset: \
range -9223372036854775808 .. 9223372036854775807;
...
Possibly, an ada test-case could be created that exercises this in isolation.

The problem is here in int_string, where we negate a val with type LONGEST:
...
return decimal2str ("-", -val, width);
...

Fix this by, as recommended, using "-(ULONGEST)val" instead.

Tested on x86_64-linux.
---
gdbsupport/print-utils.cc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gdbsupport/print-utils.cc b/gdbsupport/print-utils.cc index 73ff1afda30..7bbb6deea74 100644 --- a/gdbsupport/print-utils.cc +++ b/gdbsupport/print-utils.cc
@@ -278,7 +278,11 @@ int_string (LONGEST val, int radix, int is_signed, int width, case 10: { if (is_signed && val < 0) - return decimal2str ("-", -val, width); + /* Cast to unsigned before negating, to prevent runtime error: + negation of -9223372036854775808 cannot be represented in type + 'long int'; cast to an unsigned type to negate this value to + itself. */ + return decimal2str ("-", -(ULONGEST)val, width); else return decimal2str ("", val, width); } -- 2.35.3 ^ permalink raw reply [flat|nested] 4+ messages in thread
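Review bot: The int_string hunk changes behaviour only for the most negative LONGEST, and the patch touches print-utils.cc alone (1 file changed), so nothing added here exercises the new `-(ULONGEST)val` path directly; the commit message itself says a test case "could be created". A unit test that calls int_string with the minimum LONGEST, radix 10 and is_signed set, and checks for "-9223372036854775808", would pin this down without depending on the Ada test. On style: with the comment now sitting between the `if` and its `return`, the body spans several lines and reads more safely wrapped in braces, GNU formatting wants a space after the cast, `-(ULONGEST) val`, and the comment could shrink to one line stating that negating the minimum value is undefined for a signed type.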
* [committed][PATCH 2/2] [gdbsupport] Fix UB in print-utils.cc:int_string
From: Tom de Vries @ 2022-05-23 13:06 UTC
To: gdb-patches

On 5/17/22 17:40, Tom de Vries via Gdb-patches wrote:
> When building gdb with -fsanitize=undefined, I run into:
> ...
> (gdb) PASS: gdb.ada/access_to_packed_array.exp: set logging enabled on
> maint print symbols^M
> print-utils.cc:281:29:runtime error: negation of -9223372036854775808 cannot \
> be represented in type 'long int'; cast to an unsigned type to negate this \
> value to itself
> (gdb) FAIL: gdb.ada/access_to_packed_array.exp: maint print symbols
> ...
>
> By running in a debug session, we find that this happens during printing of:
> ...
> typedef system.storage_elements.storage_offset: \
> range -9223372036854775808 .. 9223372036854775807;
> ...
> Possibly, an ada test-case could be created that exercises this in isolation.
>
> The problem is here in int_string, where we negate a val with type LONGEST:
> ...
> return decimal2str ("-", -val, width);
> ...
>
> Fix this by, as recommended, using "-(ULONGEST)val" instead.
>
> Tested on x86_64-linux.

Committed.

Thanks,
- Tom

> ---
> gdbsupport/print-utils.cc | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/gdbsupport/print-utils.cc b/gdbsupport/print-utils.cc > index 73ff1afda30..7bbb6deea74 100644 > --- a/gdbsupport/print-utils.cc > +++ b/gdbsupport/print-utils.cc
> @@ -278,7 +278,11 @@ int_string (LONGEST val, int radix, int is_signed, int width, > case 10: > { > if (is_signed && val < 0) > - return decimal2str ("-", -val, width); > + /* Cast to unsigned before negating, to prevent runtime error: > + negation of -9223372036854775808 cannot be represented in type > + 'long int'; cast to an unsigned type to negate this value to > + itself. */ > + return decimal2str ("-", -(ULONGEST)val, width); > else > return decimal2str ("", val, width); > } ^ permalink raw reply [flat|nested] 4+ messages in thread
* [committed][PATCH 1/2] [gdb/exp] Fix UB in scalar_binop
From: Tom de Vries @ 2022-05-23 13:04 UTC
To: gdb-patches

On 5/17/22 17:40, Tom de Vries via Gdb-patches wrote:
> When building gdb with -fsanitize=undefined, I run into:
> ...
> $ gdb -q -batch -ex "p -(-0x7fffffffffffffff - 1)"
> src/gdb/valarith.c:1385:10: runtime error: signed integer overflow: \
> 0 - -9223372036854775808 cannot be represented in type 'long int'
> $1 = -9223372036854775808
> ...
>
> Fix this by performing the subtraction in scalar_binop using unsigned types.
>
> Tested on x86_64-linux.

Committed.

Thanks,
- Tom

> ---
> gdb/testsuite/gdb.base/arithmet.exp | 2 ++
> gdb/valarith.c | 5 ++++-
> 2 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/gdb/testsuite/gdb.base/arithmet.exp b/gdb/testsuite/gdb.base/arithmet.exp > index b6009a36235..4905c2e2706 100644 > --- a/gdb/testsuite/gdb.base/arithmet.exp > +++ b/gdb/testsuite/gdb.base/arithmet.exp > @@ -98,3 +98,5 @@ gdb_test "print x-(y+w)" "3" > gdb_test "print x/(y*w)" "0" > gdb_test "print x-(y/w)" "9" > gdb_test "print (x+y)*w" "42" > + > +gdb_test "p /x -(-0x7fffffffffffffff - 1)" " = 0x8000000000000000" > diff --git a/gdb/valarith.c b/gdb/valarith.c > index 6210267826e..526cc02599e 100644 > --- a/gdb/valarith.c > +++ b/gdb/valarith.c
> @@ -1382,7 +1382,10 @@ scalar_binop (struct value *arg1, struct value *arg2, enum exp_opcode op) > break; > > case BINOP_SUB: > - v = v1 - v2; > + /* Avoid runtime error: signed integer overflow: \ > + 0 - -9223372036854775808 cannot be represented in type > + 'long int'. */ > + v = (ULONGEST)v1 - (ULONGEST)v2; > break; > > case BINOP_MUL: > > base-commit: a1f2ddd38378c8db63e75daa28b7e304c2fd774f ^ permalink raw reply [flat|nested] 4+ messages in thread
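Review bot: The gdb_test added to arithmet.exp checks only the printed value, and the commit message shows the unfixed gdb already printing -9223372036854775808, which is 0x8000000000000000 in hex, so on a build without -fsanitize=undefined this test passes both before and after the change. A short comment above the test saying it guards against the sanitizer report in scalar_binop would tell later readers why the line is there and that it only discriminates on a UBSan build.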