| Ticket UUID: | c6fea6ba6f6b2841ad4d1a569ccc3cb6f6484abc | |||
| Title: | possible signed integer overflow in Tcl_GetLongFromObj(), Tcl_GetWideIntFromObj() | |||
| Type: | Patch | Version: | core-8-6-branch | |
| Submitter: | chrstphrchvz | Created on: | 2022-02-16 02:15:18 | |
| Subsystem: | 48. Number Handling | Assigned To: | jan.nijtmans | |
| Priority: | 5 Medium | Severity: | Minor | |
| Status: | Closed | Last Modified: | 2022-02-16 15:42:55 | |
| Resolution: | Fixed | Closed By: | jan.nijtmans | |
| Closed on: | 2022-02-16 15:42:55 | |||
| Description: |
If Tcl_GetLongFromObj() or Tcl_GetWideIntFromObj() retrieve from a bignum whose value is LONG_MIN or WIDE_MIN respectively, then I believe there will be signed integer overflow (undefined behavior) on 2's complement systems. The attached patch should avoid this by using the same approach suggested for [89de498973]: negate before casting, and by subtracting from 0 (binary minus) to avoid compiler warnings for unary minus with unsigned operand (e.g. MSVC /W2 warning C4146). However I have not identified a Tcl syntax example to trigger the overflow, as I have not found how to create a bignum with a value representable by long or Tcl_WideInt that can be saved and used by a command that then passes it to Tcl_GetLongFromObj() or Tcl_GetWideIntFromObj(); maybe I can come up with a C example. | |||
| User Comments: |
jan.nijtmans added on 2022-02-16 15:42:55:
Fixed[efbf66da7d0a9b8d|here] Thanks for the report! | |||
Attachments:
- bignum-to-long-wide.diff [download] added by chrstphrchvz on 2022-02-16 02:16:58. [details]