From owner-freebsd-bugs@FreeBSD.ORG Sun Jun 12 14:00:35 2005 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D72D16A41C for ; Sun, 12 Jun 2005 14:00:35 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2EC3043D55 for ; Sun, 12 Jun 2005 14:00:35 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j5CE0Zqr098865 for ; Sun, 12 Jun 2005 14:00:35 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j5CE0Yp5098854; Sun, 12 Jun 2005 14:00:35 GMT (envelope-from gnats) Resent-Date: Sun, 12 Jun 2005 14:00:35 GMT Resent-Message-Id: <200506121400.j5CE0Yp5098854@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Derik van Zuetphen Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 76C9916A41F for ; Sun, 12 Jun 2005 13:50:38 +0000 (GMT) (envelope-from dz@426.ch) Received: from smtp4.netcologne.de (smtp4.netcologne.de [194.8.194.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BFB343D1D for ; Sun, 12 Jun 2005 13:50:37 +0000 (GMT) (envelope-from dz@426.ch) Received: from trevize.426.ch (xdsl-81-173-169-181.netcologne.de [81.173.169.181]) by smtp4.netcologne.de (Postfix) with ESMTP id 7BF21DA5A7 for ; Sun, 12 Jun 2005 15:50:36 +0200 (CEST) Received: by trevize.a.426.ch (Postfix, from userid 1000) id 07AB6678E7; Sun, 12 Jun 2005 15:50:41 +0200 (CEST) Message-Id: <20050612135041.07AB6678E7@trevize.a.426.ch> Date: Sun, 12 Jun 2005 15:50:41 +0200 (CEST) From: Derik van Zuetphen To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: bin/82161: m4's eval does not handle INT_MIN correctly X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jun 2005 14:00:35 -0000 >Number: 82161 >Category: bin >Synopsis: m4's eval does not handle INT_MIN correctly >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Jun 12 14:00:34 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Derik van Zuetphen >Release: FreeBSD 5.4-RELEASE-p1 i386 >Organization: >Environment: System: FreeBSD trevize.a.426.ch 5.4-RELEASE-p1 FreeBSD 5.4-RELEASE-p1 #15: Mon May 30 14:32:58 CEST 2005 root@trevize.a.426.ch:/usr/obj/usr/src/sys/TREVIZE i386 >Description: When eval sees a negative number it first parses the positive part and then negates it. Thus eval(-0x80000000) becomes eval(0x80000000) negated. unfortunately 0x80000000 equals INT_MAX+1 any yields an unnoticed overflow. >How-To-Repeat: % echo "eval(-0x80000000)" | /usr/bin/m4 -( After the patch: % echo "eval(-0x80000000)" | ./m4 m4: bad constant in expr -0x80000000. 0 >Fix: diff -ruN --exclude=CVS current/expr.c my/expr.c --- current/expr.c Sat May 1 05:59:43 2004 +++ my/expr.c Sun May 22 23:11:37 2005 @@ -50,6 +50,7 @@ #include __FBSDID("$FreeBSD: src/usr.bin/m4/expr.c,v 1.14 2004/05/01 03:59:43 smkelly Exp $"); +#include #include #include #include @@ -568,7 +569,8 @@ static int num(int mayeval) { - int rval, c, base; + unsigned int rval; + int c, base; int ndig; rval = 0; @@ -614,10 +616,10 @@ bad_digit: ungetch(); - if (ndig == 0) + if (ndig == 0 || rval > INT_MAX) experr("bad constant"); - return rval; + return (int)rval; } /* >Release-Note: >Audit-Trail: >Unformatted: