From owner-freebsd-bugs@FreeBSD.ORG  Mon Jul  7 21:51:33 2014
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D5F7C8B8
 for <freebsd-bugs@FreeBSD.org>; Mon,  7 Jul 2014 21:51:33 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BD6DE253C
 for <freebsd-bugs@FreeBSD.org>; Mon,  7 Jul 2014 21:51:33 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s67LpXZp071804
 for <freebsd-bugs@FreeBSD.org>; Mon, 7 Jul 2014 22:51:33 +0100 (BST)
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 191719] bin/expr doesn't detect some overflow errors with
 multiplication
Date: Mon, 07 Jul 2014 21:51:34 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: jilles@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_status cc
Message-ID: <bug-191719-8-NiwnFbGnqK@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191719-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-191719-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jul 2014 21:51:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191719

Jilles Tjoelker <jilles@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Triage                |Open
                 CC|                            |jilles@FreeBSD.org

--- Comment #2 from Jilles Tjoelker <jilles@FreeBSD.org> ---
All the overflow checks except for division and modulo are fundamentally broken
because they first let overflow happen and then attempt to check for it. Since
signed integer overflow is undefined behaviour, this allows the compiler to
optimize the overflow checks away, or worse.

Also, INTMAX_MIN modulo -1 causes SIGFPE on amd64, like

expr -e -- $((-0x7fffffffffffffff - 1)) % -1

Either op_rem() should not sabotage assert_div()'s check or op_rem() should
return a zero-valued integer for anything modulo -1.

-- 
You are receiving this mail because:
You are the assignee for the bug.