bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bash 2.05 print_rlimtype mishandles the most negative integer

From: Paul Eggert
Subject: Bash 2.05 print_rlimtype mishandles the most negative integer
Date: Mon, 30 Apr 2001 06:24:11 -0700 (PDT) 
From: eggert
To: bug-bash@gnu.org
Subject: [50 character or so descriptive subject here (for reference)]

Configuration Information [Automatically generated, do not change]:
Machine: sparc
OS: solaris2.7
Compiler: cc -xarch=v9
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='sparc' 
-DCONF_OSTYPE='solaris2.7' -DCONF_MACHTYPE='sparc-sun-solaris2.7' 
-DCONF_VENDOR='sun' -DSHELL  -DHAVE_CONFIG_H  -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I.  -I.. -I../include -I../lib 
-I/tmp/prefix/include -g
uname output: SunOS sic.twinsun.com 5.7 Generic_106541-15 sun4u sparc 
SUNW,UltraSPARC-IIi-Engine
Machine Type: sparc-sun-solaris2.7

Bash Version: 2.05
Patch Level: 0
Release Status: release

Description:
        I found this bug by code inspection; it doesn't occur on my host.

        If RLIMTYPE is signed, Bash's print_rlimtype function mishandles
        the most negative value.  It attempts to take the absolute value,
        but this overflows.

Repeat-By:

Fix:
This patch assumes the earlier patch that I sent in, which defines
INT_STRLEN_BOUND.

2001-04-30  Paul Eggert  <eggert@twinsun.com>

        * general.c (print_rlimtype): Handle the most negative value correctly.

===================================================================
RCS file: general.c,v
retrieving revision 2.5.0.2
retrieving revision 2.5.0.3
diff -pu -r2.5.0.2 -r2.5.0.3
--- general.c   2001/04/13 07:08:33     2.5.0.2
+++ general.c   2001/04/30 13:21:08     2.5.0.3
@@ -112,26 +112,27 @@ print_rlimtype (n, addnl)
      RLIMTYPE n;
      int addnl;
 {
-  char s[sizeof (RLIMTYPE) * 3 + 1];
-  int len;
+  char s[INT_STRLEN_BOUND (RLIMTYPE) + 1];
+  char *p = s + sizeof (s);
 
-  if (n == 0)
-    {
-      printf ("0%s", addnl ? "\n" : "");
-      return;
-    }
+  *--p = '\0';
 
   if (n < 0)
     {
-      putchar ('-');
-      n = -n;
+      do
+       *--p = '0' - n % 10;
+      while ((n /= 10) != 0);
+
+      *--p = '-';
+    }
+  else
+    {
+      do
+       *--p = '0' + n % 10;
+      while ((n /= 10) != 0);
     }
 
-  len = sizeof (RLIMTYPE) * 3 + 1;
-  s[--len] = '\0';
-  for ( ; n != 0; n /= 10)
-    s[--len] = n % 10 + '0';
-  printf ("%s%s", s + len, addnl ? "\n" : "");
+  printf ("%s%s", p, addnl ? "\n" : "");
 }
 #endif /* RLIMTYPE */
reply via email to
[Prev in Thread] Current Thread [Next in Thread]