On Fri, Dec 16, 2016 at 10:51:06AM +0000, Mike Williams wrote:
> Patch attached to limit range of parsed integer numbers, cope with 2s
> complement asymmetry, and modify test that was triggering the UB warning.
> Tests pass but I don't have clang to check the UB warning so please test for
> that.

I found a few more places that exhibit UB.

:echo float2nr(pow(2, 33)) * float2nr(pow(2, 33))
eval.c:4085:12: runtime error: signed integer overflow: 8589934592 * 8589934592 cannot be represented in type 'long'
    #0 0x6c22e1 in eval6 /home/jamessan/src/github.com/vim/src/eval.c:4085:12
    #1 0x6bf7d9 in eval5 /home/jamessan/src/github.com/vim/src/eval.c:3793:9
    #2 0x6badf1 in eval4 /home/jamessan/src/github.com/vim/src/eval.c:3492:9
    #3 0x6ba413 in eval3 /home/jamessan/src/github.com/vim/src/eval.c:3409:9
    #4 0x66bcc3 in eval2 /home/jamessan/src/github.com/vim/src/eval.c:3341:9
    #5 0x652332 in eval1 /home/jamessan/src/github.com/vim/src/eval.c:3269:9
    #6 0x69703c in ex_echo /home/jamessan/src/github.com/vim/src/eval.c:8189:6
    #7 0x84e8c1 in do_one_cmd /home/jamessan/src/github.com/vim/src/ex_docmd.c:2961:2
    #8 0x82e1ef in do_cmdline /home/jamessan/src/github.com/vim/src/ex_docmd.c:1110:17
    #9 0xcd9780 in nv_colon /home/jamessan/src/github.com/vim/src/normal.c:5398:15
    #10 0xc7ef08 in normal_cmd /home/jamessan/src/github.com/vim/src/normal.c:1149:5
    #11 0x14fa53b in main_loop /home/jamessan/src/github.com/vim/src/main.c:1311:6
    #12 0x14f191e in vim_main2 /home/jamessan/src/github.com/vim/src/main.c:877:5
    #13 0x14e3529 in main /home/jamessan/src/github.com/vim/src/main.c:415:12
    #14 0x7f2eddf072b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #15 0x41d8a9 in _start (/home/jamessan/src/github.com/vim/src/vim+0x41d8a9)

SUMMARY: AddressSanitizer: undefined-behavior eval.c:4085:12 in 


:echo float2nr(pow(2, 63))
evalfunc.c:3341:29: runtime error: value 9.22337e+18 is outside the range of representable values of type 'long'
    #0 0x6edfd9 in f_float2nr /home/jamessan/src/github.com/vim/src/evalfunc.c:3341:29
    #1 0x6cd359 in call_internal_func /home/jamessan/src/github.com/vim/src/evalfunc.c:1001:5
    #2 0x13a52b2 in call_func /home/jamessan/src/github.com/vim/src/userfunc.c:1372:14
    #3 0x13a283b in get_func_tv /home/jamessan/src/github.com/vim/src/userfunc.c:455:8
    #4 0x6c550c in eval7 /home/jamessan/src/github.com/vim/src/eval.c:4349:13
    #5 0x6c1605 in eval6 /home/jamessan/src/github.com/vim/src/eval.c:3977:9
    #6 0x6bf7d9 in eval5 /home/jamessan/src/github.com/vim/src/eval.c:3793:9
    #7 0x6badf1 in eval4 /home/jamessan/src/github.com/vim/src/eval.c:3492:9
    #8 0x6ba413 in eval3 /home/jamessan/src/github.com/vim/src/eval.c:3409:9
    #9 0x66bcc3 in eval2 /home/jamessan/src/github.com/vim/src/eval.c:3341:9
    #10 0x652332 in eval1 /home/jamessan/src/github.com/vim/src/eval.c:3269:9
    #11 0x69703c in ex_echo /home/jamessan/src/github.com/vim/src/eval.c:8182:6
    #12 0x84e6f1 in do_one_cmd /home/jamessan/src/github.com/vim/src/ex_docmd.c:2961:2
    #13 0x82e01f in do_cmdline /home/jamessan/src/github.com/vim/src/ex_docmd.c:1110:17
    #14 0xcd95b0 in nv_colon /home/jamessan/src/github.com/vim/src/normal.c:5398:15
    #15 0xc7ed38 in normal_cmd /home/jamessan/src/github.com/vim/src/normal.c:1149:5
    #16 0x14fa36b in main_loop /home/jamessan/src/github.com/vim/src/main.c:1311:6
    #17 0x14f174e in vim_main2 /home/jamessan/src/github.com/vim/src/main.c:877:5
    #18 0x14e3359 in main /home/jamessan/src/github.com/vim/src/main.c:415:12
    #19 0x7f2ded9e42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #20 0x41d8a9 in _start (/home/jamessan/src/github.com/vim/src/vim+0x41d8a9)

SUMMARY: AddressSanitizer: undefined-behavior evalfunc.c:3341:29 in 


:echo float2nr(pow(2, 64)) + float2nr(pow(2, 64))
eval.c:3934:12: runtime error: signed integer overflow: 9223372036854775807 + 9223372036854775807 cannot be represented in type 'long'
    #0 0x6c10d1 in eval5 /home/jamessan/src/github.com/vim/src/eval.c:3934:12
    #1 0x6badf1 in eval4 /home/jamessan/src/github.com/vim/src/eval.c:3492:9
    #2 0x6ba413 in eval3 /home/jamessan/src/github.com/vim/src/eval.c:3409:9
    #3 0x66bcc3 in eval2 /home/jamessan/src/github.com/vim/src/eval.c:3341:9
    #4 0x652332 in eval1 /home/jamessan/src/github.com/vim/src/eval.c:3269:9
    #5 0x69703c in ex_echo /home/jamessan/src/github.com/vim/src/eval.c:8182:6
    #6 0x84e751 in do_one_cmd /home/jamessan/src/github.com/vim/src/ex_docmd.c:2961:2
    #7 0x82e07f in do_cmdline /home/jamessan/src/github.com/vim/src/ex_docmd.c:1110:17
    #8 0xcd9610 in nv_colon /home/jamessan/src/github.com/vim/src/normal.c:5398:15
    #9 0xc7ed98 in normal_cmd /home/jamessan/src/github.com/vim/src/normal.c:1149:5
    #10 0x14fa3cb in main_loop /home/jamessan/src/github.com/vim/src/main.c:1311:6
    #11 0x14f17ae in vim_main2 /home/jamessan/src/github.com/vim/src/main.c:877:5
    #12 0x14e33b9 in main /home/jamessan/src/github.com/vim/src/main.c:415:12
    #13 0x7ff6465122b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #14 0x41d8a9 in _start (/home/jamessan/src/github.com/vim/src/vim+0x41d8a9)

SUMMARY: AddressSanitizer: undefined-behavior eval.c:3934:12 in 


:echo float2nr(-1 * pow(2, 64)) - float2nr(pow(2, 64))
eval.c:3936:12: runtime error: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long'
    #0 0x6c112d in eval5 /home/jamessan/src/github.com/vim/src/eval.c:3936:12
    #1 0x6badf1 in eval4 /home/jamessan/src/github.com/vim/src/eval.c:3492:9
    #2 0x6ba413 in eval3 /home/jamessan/src/github.com/vim/src/eval.c:3409:9
    #3 0x66bcc3 in eval2 /home/jamessan/src/github.com/vim/src/eval.c:3341:9
    #4 0x652332 in eval1 /home/jamessan/src/github.com/vim/src/eval.c:3269:9
    #5 0x69703c in ex_echo /home/jamessan/src/github.com/vim/src/eval.c:8182:6
    #6 0x84e751 in do_one_cmd /home/jamessan/src/github.com/vim/src/ex_docmd.c:2961:2
    #7 0x82e07f in do_cmdline /home/jamessan/src/github.com/vim/src/ex_docmd.c:1110:17
    #8 0xcd9610 in nv_colon /home/jamessan/src/github.com/vim/src/normal.c:5398:15
    #9 0xc7ed98 in normal_cmd /home/jamessan/src/github.com/vim/src/normal.c:1149:5
    #10 0x14fa3cb in main_loop /home/jamessan/src/github.com/vim/src/main.c:1311:6
    #11 0x14f17ae in vim_main2 /home/jamessan/src/github.com/vim/src/main.c:877:5
    #12 0x14e33b9 in main /home/jamessan/src/github.com/vim/src/main.c:415:12
    #13 0x7f5bd1b452b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #14 0x41d8a9 in _start (/home/jamessan/src/github.com/vim/src/vim+0x41d8a9)

SUMMARY: AddressSanitizer: undefined-behavior eval.c:3936:12 in 

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB
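
The four reports above are signed overflow in `*`, `+` and `-` plus an out-of-range float-to-integer conversion. As an added example (not part of the message above and not Vim's code), these hypothetical helpers detect each case before the undefined operation runs; the function names and the `num_t` typedef are assumptions, and `long long` stands in for the 64-bit `long` shown in the traces.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not Vim's code. */
typedef long long num_t; /* 64-bit, like 'long' in the traces */

/* Each returns false when the exact result does not fit; *out then
 * holds a wrapped value and must not be used.
 * __builtin_*_overflow is a GCC/Clang builtin. */
bool checked_add(num_t a, num_t b, num_t *out)
{
    return !__builtin_add_overflow(a, b, out);
}

bool checked_sub(num_t a, num_t b, num_t *out)
{
    return !__builtin_sub_overflow(a, b, out);
}

bool checked_mul(num_t a, num_t b, num_t *out)
{
    return !__builtin_mul_overflow(a, b, out);
}

/* Saturating double -> num_t conversion. (double)LLONG_MAX rounds up
 * to 2^63, so a test written as "f > LLONG_MAX" lets 2^63 itself reach
 * the cast. Compare against -(double)LLONG_MIN, which is exactly 2^63.
 * NaN maps to 0. */
num_t float_to_num_sat(double f)
{
    if (f != f) return 0;                          /* NaN */
    if (f >= -(double)LLONG_MIN) return LLONG_MAX; /* f >= 2^63 */
    if (f < (double)LLONG_MIN) return LLONG_MIN;   /* f < -2^63 */
    return (num_t)f;                               /* in range: truncates */
}

int main(void)
{
    /* Constructed inputs mirroring the four expressions in the report. */
    num_t r, p33 = float_to_num_sat(8589934592.0);        /* 2^33 */
    num_t hi = float_to_num_sat(18446744073709551616.0);  /* 2^64 */
    num_t lo = float_to_num_sat(-18446744073709551616.0); /* -2^64 */
    printf("2^33 * 2^33 fits: %d\n", checked_mul(p33, p33, &r));
    printf("float2nr(2^63) = %lld\n", float_to_num_sat(9223372036854775808.0));
    printf("hi + hi fits: %d\n", checked_add(hi, hi, &r));
    printf("lo - hi fits: %d\n", checked_sub(lo, hi, &r));
    return 0;
}
```

Building with `-fsanitize=undefined` and running the four cases should produce no runtime error lines, since every overflowing operation is rejected or saturated before it executes.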
