Bug #7371
closed
Fix undefined overflow checking in bigdecimal
Description
In AddExponent() at ext/bigdecimal/bigdecimal.c:3677, the overflow checks rely on signed integer overflow, which is undefined behavior in C.
SIGNED_VALUE m = e+n;
SIGNED_VALUE eb, mb;
if(e>0) {
if(n>0) {
mb = m*(SIGNED_VALUE)BASE_FIG;
eb = e*(SIGNED_VALUE)BASE_FIG;
if(mb<eb) goto overflow;
}
Some compilers (e.g., gcc 4.8) will optimize away such overflow checks due to undefined behavior. Ruby currently uses "-fno-strict-overflow" to disable such offending optimizations in gcc, but this workaround option is not supported by other compilers, thus not portable.
The attached patch uses unsigned multiplication for overflow checking, which is well defined in C.
Files
Updated by mrkn (Kenta Murata) over 11 years ago
- Category set to ext
- Assignee set to mrkn (Kenta Murata)
Updated by usa (Usaku NAKAMURA) over 11 years ago
- Status changed from Open to Assigned
Updated by xi (Xi Wang) over 11 years ago
To see how it works, try to compile the following (simplified) code with gcc 4.8. The entire function will be optimized away with "gcc -O2" (just grep "bar" in the resulting assembly code); gcc 4.7 or earlier doesn't do that.
#define SIGNED_VALUE long
#define BASE_FIG 9
void bar(void);
static void AddExponent(SIGNED_VALUE e, SIGNED_VALUE n)
{
SIGNED_VALUE m = e+n;
SIGNED_VALUE eb, mb;
if(e>0) {
if(n>0) {
mb = m*(SIGNED_VALUE)BASE_FIG;
eb = e*(SIGNED_VALUE)BASE_FIG;
if(mb<eb) goto overflow;
}
}
return;
overflow:
bar();
}
void foo(SIGNED_VALUE e)
{
AddExponent(e, 1);
}
Updated by mrkn (Kenta Murata) over 10 years ago
- Status changed from Assigned to Closed
I think this issue had been fixed by akr in r40214.