Ticket UUID: | 7deeddb36f217dac87bc68cb69718a89e3c7d5d7 | |||
Title: | signed integer overflow in Tcl_ScanObjCmd() | |||
Type: | Patch | Version: | core-8-6-branch | |
Submitter: | chrstphrchvz | Created on: | 2022-02-16 08:57:16 | |
Subsystem: | 23. [scan] | Assigned To: | jan.nijtmans | |
Priority: | 5 Medium | Severity: | Minor | |
Status: | Closed | Last Modified: | 2022-02-17 02:26:48 | |
Resolution: | Fixed | Closed By: | chrstphrchvz | |
Closed on: | 2022-02-17 02:26:48 | |||
Description: |
Setting Tcl_WideInt wideValue to the highest value representable by Tcl_WideInt and then doing wideValue++ is signed integer overflow (undefined behavior). UBSan (-fsanitize=signed-integer-overflow) error when Tcl_WideInt is long long:
Likewise when Tcl_WideInt is long:
Increment only after casting to Tcl_WideUInt if wraparound behavior is desired (without e.g. -fwrapv); see attached patch. | |||
User Comments: |
chrstphrchvz added on 2022-02-17 02:26:48:
I now notice the WIDE_MIN and WIDE_MAX macros in tclPort.h; should those be used instead for consistency? See use-wide-macros.diff. jan.nijtmans added on 2022-02-16 14:34:58: Fixed [0ac2e76e3f0b21cd|here] Thanks for the report! |