Tcl Source Code: View Ticket

Ticket UUID:	7deeddb36f217dac87bc68cb69718a89e3c7d5d7
Title:	signed integer overflow in Tcl_ScanObjCmd()
Type:	Patch	Version:	core-8-6-branch
Submitter:	chrstphrchvz	Created on:	2022-02-16 08:57:16
Subsystem:	23. [scan]	Assigned To:	jan.nijtmans
Priority:	5 Medium	Severity:	Minor
Status:	Closed	Last Modified:	2022-02-17 02:26:48
Resolution:	Fixed	Closed By:	chrstphrchvz
		Closed on:	2022-02-17 02:26:48
Description:	Setting `Tcl_WideInt wideValue` to the highest value representable by `Tcl_WideInt` and then doing `wideValue++` is signed integer overflow (undefined behavior). UBSan (`-fsanitize=signed-integer-overflow`) error when `Tcl_WideInt` is `long long`: % scan -0x18000000000000000 {%li} tcl/generic/tclScan.c:926:13: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long long int' -9223372036854775808 Likewise when `Tcl_WideInt` is `long`: % scan -0x18000000000000000 {%li} tcl/generic/tclScan.c:926:13: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'Tcl_WideInt' (aka 'long') -9223372036854775808 Increment only after casting to `Tcl_WideUInt` if wraparound behavior is desired (without e.g. `-fwrapv`); see attached patch.
User Comments:	chrstphrchvz added on 2022-02-17 02:26:48: I now notice the `WIDE_MIN` and `WIDE_MAX` macros in tclPort.h; should those be used instead for consistency? See use-wide-macros.diff. jan.nijtmans added on 2022-02-16 14:34:58: Fixed [0ac2e76e3f0b21cd\|here] Thanks for the report!

Attachments:

use-wide-macros.diff [download] added by chrstphrchvz on 2022-02-17 02:27:54. [details]
scanobjcmd-widemin.diff [download] added by chrstphrchvz on 2022-02-16 08:57:41. [details]