GNU bug report logs - #37585
Undefined behavior in nl, print_lineno

Previous Next

Package: coreutils;

Reported by: Roland Illig <roland.illig <at> gmx.de>

Date: Wed, 2 Oct 2019 14:52:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 37585 in the body.
You can then email your comments to 37585 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-coreutils <at> gnu.org:
bug#37585; Package coreutils. (Wed, 02 Oct 2019 14:52:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Roland Illig <roland.illig <at> gmx.de>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Wed, 02 Oct 2019 14:52:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Roland Illig <roland.illig <at> gmx.de>
To: bug-coreutils <at> gnu.org
Subject: Undefined behavior in nl, print_lineno
Date: Wed, 2 Oct 2019 16:50:53 +0200

The current code says:

  next_line_no = line_no + page_incr;
  if (next_line_no < line_no)
    die (EXIT_FAILURE, 0, _("line number overflow"));

Since intmax_t is a regular integer type, overflow invokes undefined
behavior and must therefore be checked using other means.
Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility. (Thu, 03 Oct 2019 19:45:02 GMT) Full text and rfc822 format available.
Notification sent to Roland Illig <roland.illig <at> gmx.de>:
bug acknowledged by developer. (Thu, 03 Oct 2019 19:45:02 GMT) Full text and rfc822 format available.

Message #10 received at 37585-done <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Roland Illig <roland.illig <at> gmx.de>
Cc: 37585-done <at> debbugs.gnu.org
Subject: Re: bug#37585: Undefined behavior in nl, print_lineno
Date: Thu, 3 Oct 2019 12:43:54 -0700

[Message part 1 (text/plain, inline)]
On 10/2/19 7:50 AM, Roland Illig wrote:
> The current code says:
> 
>    next_line_no = line_no + page_incr;
>    if (next_line_no < line_no)
>      die (EXIT_FAILURE, 0, _("line number overflow"));
> 
> Since intmax_t is a regular integer type, overflow invokes undefined
> behavior and must therefore be checked using other means.

Thanks for the bug report. I looked for similar problems involving 
integer-overflow diagnostics in coreutils and installed the attached 
patches. The second patch should fix the bug you mentioned.

[0001-cp-simplify-integer-overflow-checking.patch (text/x-patch, attachment)]
[0002-nl-fix-integer-overflow-bug.patch (text/x-patch, attachment)]
[0003-numfmt-avoid-unlikely-integer-overflow.patch (text/x-patch, attachment)]
[0004-truncate-avoid-integer-overflow-assumptions.patch (text/x-patch, attachment)]
Information forwarded to bug-coreutils <at> gnu.org:
bug#37585; Package coreutils. (Thu, 03 Oct 2019 20:23:02 GMT) Full text and rfc822 format available.

Message #13 received at 37585-done <at> debbugs.gnu.org (full text, mbox):

From: Roland Illig <roland.illig <at> gmx.de>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 37585-done <at> debbugs.gnu.org
Subject: Re: bug#37585: Undefined behavior in nl, print_lineno
Date: Thu, 3 Oct 2019 22:17:26 +0200

Am 03.10.2019 um 21:43 schrieb Paul Eggert:
> Thanks for the bug report. I looked for similar problems involving
> integer-overflow diagnostics in coreutils and installed the attached
> patches. The second patch should fix the bug you mentioned.

Ah, the code looks so much simpler and nicer with the high-level
overflow check macros in place. Thank you for analyzing and fixing this
thoroughly.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 01 Nov 2019 11:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 4 years and 176 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.