Re: Integer overflow in functor/3
From: Daniel Diaz
Subject: Re: Integer overflow in functor/3
Date: Thu, 4 Mar 2021 09:01:53 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1

Hi,
thank you for the bug report.
This will be fixed in the next version.
Daniel
On 11/15/20 at 7:25 AM, Mark Barbone wrote:
> Hi all,
>
> I've found a minor bug in functor/3. With an arity argument outside
> the range of an int, the value is truncated into the size of an int.
>
> Here are two examples of potential outcomes, along with a correct
> example that doesn't have overflow:
>
> | ?- X is 1<<32 + 3, functor(F, hi, X).
>
> F = hi(_,_,_)
> X = 4294967299
>
> yes
> | ?- X is 1<<31, functor(F, hi, X).
> uncaught exception: error(type_error(atom,hi),functor/3)
> | ?- X is 1<<31 - 1, functor(F, hi, X).
> uncaught exception: error(representation_error(max_arity),functor/3)
>
> I would expect all of these to be representation_errors. The second
> example happens because of a catch-all error clause in Pl_Blt_Functor
> (term_inl_c.c, line 282):
>
>     // ... checks if arity > 0 and functor_word is valid
>     if (arity != 0)
>       Pl_Err_Type(pl_type_atom, functor_word);
>
> The root cause is that arity is declared as an integer, instead of a
> PlLong (term_inl_c.c, line 225):
>
> int arity;
>
> Thanks, and I hope the bug report helps.
>
> -Mark
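
The truncation described in the report, as an added C example that is not part of the original thread and is not the project's code: a simplified model of narrowing the arity to a 32-bit int before the limit check, next to a version that checks the full-width value first. The function names, the outcome enum, the handling of negative arities and the MAX_ARITY value of 255 are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARITY 255 /* assumed limit for this sketch; not a value from the thread */

typedef enum { BUILT, TYPE_ERROR_ATOM, REPR_ERROR_MAX_ARITY, NEGATIVE_ARITY } outcome_t;

/* Keep only the low 32 bits, which is what storing a 64-bit value
   into a 32-bit int does on common two's-complement ABIs. */
static int32_t truncate_to_int(int64_t v)
{
    uint32_t low = (uint32_t)v;
    int32_t r;
    memcpy(&r, &low, sizeof r);
    return r;
}

/* Simplified model of the reported behaviour: the wide value passes the
   sign check, then is narrowed before the arity limit is tested. */
static outcome_t functor_truncating(int64_t arity_arg, int32_t *built)
{
    if (arity_arg < 0) return NEGATIVE_ARITY;
    int32_t arity = truncate_to_int(arity_arg);
    if (arity > MAX_ARITY) return REPR_ERROR_MAX_ARITY;
    if (arity >= 0) { *built = arity; return BUILT; }
    return TYPE_ERROR_ATOM; /* the catch-all branch quoted in the report */
}

/* Range-check the full-width value; narrow only once it is known to fit. */
static outcome_t functor_checked(int64_t arity_arg, int32_t *built)
{
    if (arity_arg < 0) return NEGATIVE_ARITY;
    if (arity_arg > MAX_ARITY) return REPR_ERROR_MAX_ARITY;
    *built = (int32_t)arity_arg;
    return BUILT;
}

int main(void)
{
    const int64_t samples[] = { (1LL << 32) + 3, 1LL << 31, (1LL << 31) - 1 };
    for (size_t i = 0; i < 3; i++) {
        int32_t a = -1, b = -1;
        outcome_t t = functor_truncating(samples[i], &a);
        outcome_t c = functor_checked(samples[i], &b);
        printf("%lld: truncating=%d (arity %d), checked=%d\n",
               (long long)samples[i], (int)t, (int)a, (int)c);
    }
    return 0;
}
```

The three sample values are the ones from the report's Prolog queries; the truncating model reproduces the three different outcomes, while the checked version gives a representation error for all of them.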