Re: [patch] fixed multiplication overflow in term.c:5039 detected by ubsan

[Bram Moolenaar]

Dominique wrote:

> Vim-7.4.1841 (and older) built with ubsan (undefined
> sanitizer) on x86 shows a multiplication overflow when
> clicking in the vim terminal for the first time:
> 
> term.c:5039:37: runtime error: signed integer overflow: 1464114431 *
> 1000 cannot be represented in type 'long int'
> 
> Steps to reproduce:
> 
> 1) build vim with ubsan. It can be done by
>    uncommenting this line in vim/src/Makefile
> 
> SANITIZER_CFLAGS = -g -O0 -fsanitize=undefined -fno-omit-frame-pointer
> 
> 2) start vim with:
>   $ vim -u NONE --noplugin -c 'set mouse=a' 2> log
> 
> 3) left-click in the terminal with the mouse
> 
> 4) observe the error in 'log' file.
> 
> It happens only on the first click.
> It also only happens on 32-bits Linux x86 and not on x86_64.
> 
> Code at term.c:5039:
> 
>   5030           /*
>   5031            * Compute the time elapsed since the previous mouse click.
>   5032            */
>   5033           gettimeofday(&mouse_time, NULL);
>   5034           timediff = (mouse_time.tv_usec
>   5035                                   - orig_mouse_time.tv_usec) / 1000;
>   5036           if (timediff < 0)
>   5037               --orig_mouse_time.tv_sec;
>   5038           timediff += (mouse_time.tv_sec
> !!5039                                    - orig_mouse_time.tv_sec) * 1000;
> 
> Adding printf, I can see that:
> 
> * mouse_time.tv_sec is 1464115088 (this value changes slightly
>   every time I reproduce the bug, as it depends on time)
> * orig_mouse_time.tv_sec is 0
> 
> So the multiplication by 1000 at line 5039 overflows in 32-bits
> on x86. Overflow does not happen on x86_64 as tv_sec is then
> a 64-bits number.
> 
> Attached patch fixes it.

Attachment is missing...

-- 
All good vision statements are created by groups of people with bloated
bladders who would rather be doing anything else.
                                (Scott Adams - The Dilbert principle)

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.