From: Paul Eggert
Subject: Re: Bash printf should diagnose integer overflow
Date: Tue, 19 Mar 2024 20:48:20 -0700
User-agent: Mozilla Thunderbird
On 3/18/24 12:41, Chet Ramey wrote:
> I'm not sure what you're using, but that was not my experience on macOS.
I am using Fedora 39 (the current version) on x86-64. That could explain our differing experiences.
I see several diagnostics (mostly diff output) with "make check" on Fedora 39. The diagnostics can vary from run to run, i.e., they aren't necessarily reproducible. I assumed these were OK because I got 'em before any patches. From my point of view the diff output was sort of random, so I eyeballed it and guessed which outputs mattered and which didn't. Apparently I guessed incorrectly with fw.
At some point I suppose it'd be nice if 'make check' succeeded (exit status 0) or failed (nonzero exit status) so that it is easy for non-experts to tell which diagnostics matter; that's what many other packages do. For now I'd rather focus on the integer overflow issues in Bash, while they're fresh in my mind.
> First, the patched version doesn't build on macOS because your patches don't include <stdbool.h>. Once you get past that, printf goes into an infinite loop on printf -v s "%b" "" in printstr because `fw' is used uninitialized (and randomly set to some ridiculously large value). That and the old test's incorrect expectation that a field width of 9223372036854775825 would always overflow to -1 (a left-adjusted field width of 1) instead of being flagged as overflow are the UB I was talking about.
Yes, I see now. I didn't get that behavior on Fedora, perhaps because the junk in fw was benign there.
Perhaps at some point we could enable more of GCC's static checking to catch silly mistakes like that. Again, a task for another time.
> It should be mostly there in the changes I pushed today, once I made it through the above.
Thanks, I checked the devel branch against what I submitted, found a few errors, and while reviewing all this found and fixed a few other integer-overflow issues in Bash. Proposed patches attached, in "git format-patch" format so you can use "git am" on them. If there's some reason a patch shouldn't be applied please let me know so that I can stop worrying about that subissue.
0001-Improve-use-of-HAVE_C_BOOL.patch
0002-Minor-mkseq-clarification-tuning.patch
0003-Simplify-mkseq-control.patch
0004-printf-M.Nq-should-respect-N-even-if-M-overflows.patch
0005-Fix-bug-with-printf-.NQ-when-N-is-large.patch
0006-Omit-unnecessary-INT_MAX-checks-in-printf_builtin.patch
0007-Omit-unused-typemax.h-macros.patch
0008-Omit-unused-stringlist-functions.patch
0009-Define-NULL-offsetof-in-bashansi.h.patch
0010-Do-not-crash-if-NMEMB-SIZE-overflows-in-alloc.patch
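The field-width overflow discussed above (a width of 9223372036854775825 must be flagged, not wrapped to -1) and the NMEMB*SIZE check named in patch 0010 come down to the same discipline: detect the overflow and refuse, instead of relying on a wrapped value. The following is an added illustration in C, not Bash's own code; the function names, error codes and the use of strtoimax are assumptions for the example.

```c
/* Added example, not Bash's code: parse a printf field width so that an
 * out-of-range value is reported rather than wrapped.  A width such as
 * 9223372036854775825 must come back as WIDTH_OVERFLOW, never as -1. */
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

enum { WIDTH_OK = 0, WIDTH_OVERFLOW = 1, WIDTH_INVALID = 2 };

/* Parse the leading decimal digits of S as a field width that must fit in
 * an int.  On success store it in *width and return WIDTH_OK; otherwise
 * return an error code and leave *width untouched. */
int parse_field_width(const char *s, int *width)
{
    char *end;
    if (*s < '0' || *s > '9')
        return WIDTH_INVALID;           /* widths are digits only: no sign, no blanks */
    errno = 0;
    intmax_t v = strtoimax(s, &end, 10);
    if (errno == ERANGE || v > INT_MAX)
        return WIDTH_OVERFLOW;          /* too large for intmax_t or for int */
    *width = (int) v;
    return WIDTH_OK;
}

/* Checked NMEMB * SIZE for an allocator: return false instead of letting the
 * product wrap around SIZE_MAX (the case patch 0010 guards against). */
bool checked_mul_size(size_t nmemb, size_t size, size_t *product)
{
    if (nmemb != 0 && size > SIZE_MAX / nmemb)
        return false;
    *product = nmemb * size;
    return true;
}
```

A caller that gets WIDTH_OVERFLOW or false can then emit a diagnostic and bail out, which is the behaviour the subject line asks for.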