bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bash printf should diagnose integer overflow


From: Paul Eggert
Subject: Bash printf should diagnose integer overflow
Date: Tue, 12 Mar 2024 12:49:49 -0700
User-agent: Mozilla Thunderbird

Configuration Information:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -g -O2
uname output: Linux penguin.cs.ucla.edu 6.7.7-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Mar 1 16:53:59 UTC 2024 x86_64 GNU/Linux
Machine Type: x86_64-redhat-linux-gnu

Bash Version: 5.3
Patch Level: 26
Release Status: devel

Description:
        Commands like "printf '%10000000000000000000000000000s' ''"
        silently ignore width and precision.  They should report the
        integer overflow before continuing with a lesser width or
        precision.  (I ran into this bug while using Bash to output
        very long strings of spaces for some test cases.)

Repeat-By:
        printf '%10000000000000000000000000000s' ''

        It prints nothing.  It should print a diagnostic if it
        cannot do the requested operation.

Fix:
        Bash should use C23 <stdckdint.h> to check for integer
        overflow.  Gnulib supplies a replacement stdckdint.h that works
        on pre-C23 platforms; it's been extensively tested in other GNU
        apps and doesn't require much setup.

        The attached patches first add <stdckdint.h> to Bash, then
        replace Bash's by-hand overflow checking (which I think I
        contributed a while ago, if memory serves) with uses of the
        standard C23 macros, and finally fixes printf.  Although there
        are several other integer overflow bugs in Bash I thought
        I'd send these fixes in now.

        These patches use the Gnulib files intprops-internal.h and
        stdckdint.in.h unmodified.  I thought this would be better
        than trying to simplify them to cover just Bash's needs, as
        it will make it easier to sync with Gnulib later. However,
        for simplicity these patches do not use all the Gnulib machinery
        for <stdckdint.h>.

        These patches can be applied to Bash's devel branch (commit
        54f3ed2278025081f897b9bd958fcf099fd5be18 dated Mon Mar 4
        14:59:33 2024 -0500) by using the command "git am".

Attachment: 0001-maint-add-support-for-C23-style-stdckdint.h.patch
Description: Text Data

Attachment: 0002-Coalesce-multiple-PRIdMAX-definitions.patch
Description: Text Data

Attachment: 0003-Fix-problems-with-large-brace-expansions.patch
Description: Text Data

Attachment: 0004-printf-now-diagnoses-width-or-prec-overflow.patch
Description: Text Data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]