bin/82161: m4's eval does not handle INT_MIN correctly
Derik van Zuetphen
dz at 426.ch
Sun Jun 12 14:00:35 GMT 2005
>Number: 82161
>Category: bin
>Synopsis: m4's eval does not handle INT_MIN correctly
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jun 12 14:00:34 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Derik van Zuetphen
>Release: FreeBSD 5.4-RELEASE-p1 i386
>Organization:
>Environment:
System: FreeBSD trevize.a.426.ch 5.4-RELEASE-p1 FreeBSD 5.4-RELEASE-p1 #15: Mon May 30 14:32:58 CEST 2005 root at trevize.a.426.ch:/usr/obj/usr/src/sys/TREVIZE i386
>Description:
When eval sees a negative number it first parses the positive part
and then negates it. Thus eval(-0x80000000) becomes
eval(0x80000000) negated. unfortunately 0x80000000 equals
INT_MAX+1 any yields an unnoticed overflow.
>How-To-Repeat:
% echo "eval(-0x80000000)" | /usr/bin/m4
-(
After the patch:
% echo "eval(-0x80000000)" | ./m4
m4: bad constant in expr -0x80000000.
0
>Fix:
diff -ruN --exclude=CVS current/expr.c my/expr.c
--- current/expr.c Sat May 1 05:59:43 2004
+++ my/expr.c Sun May 22 23:11:37 2005
@@ -50,6 +50,7 @@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD: src/usr.bin/m4/expr.c,v 1.14 2004/05/01 03:59:43 smkelly Exp $");
+#include <sys/limits.h>
#include <sys/types.h>
#include <ctype.h>
#include <err.h>
@@ -568,7 +569,8 @@
static int
num(int mayeval)
{
- int rval, c, base;
+ unsigned int rval;
+ int c, base;
int ndig;
rval = 0;
@@ -614,10 +616,10 @@
bad_digit:
ungetch();
- if (ndig == 0)
+ if (ndig == 0 || rval > INT_MAX)
experr("bad constant");
- return rval;
+ return (int)rval;
}
/*
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list