This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug math/21309] New: signed integer overflow in sysdeps/ieee754/dbl-64/e_pow.c
- From: "bernd.edlinger at hotmail dot de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sun, 26 Mar 2017 15:07:03 +0000
- Subject: [Bug math/21309] New: signed integer overflow in sysdeps/ieee754/dbl-64/e_pow.c
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=21309
Bug ID: 21309
Summary: signed integer overflow in
sysdeps/ieee754/dbl-64/e_pow.c
Product: glibc
Version: 2.25
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: math
Assignee: unassigned at sourceware dot org
Reporter: bernd.edlinger at hotmail dot de
Target Milestone: ---
in sysdeps/ieee754/dbl-64/e_pow.c:
in the function checkint() in at line 470, 472, 478 and 480
the integer shift-left uses undefined behaviour
because m and n is signed integer and the shift overflows:
if (k > 20)
{
if (n << (k - 20) != 0)
return 0; /* if not integer */
return (n << (k - 21) != 0) ? -1 : 1;
}
if (n)
return 0; /*if not integer */
if (k == 20)
return (m & 1) ? -1 : 1;
if (m << (k + 12) != 0)
return 0;
return (m << (k + 11) != 0) ? -1 : 1;
proposed fix:
--- glibc-2.25/sysdeps/ieee754/dbl-64/e_pow.c 2017-02-05 16:28:43.000000000
+0100
+++ glibc-2.25/sysdeps/ieee754/dbl-64/e_pow.c 2017-03-26 16:52:59.774278139
+0200
@@ -452,7 +452,8 @@ checkint (double x)
int4 i[2];
double x;
} u;
- int k, m, n;
+ int k;
+ unsigned int m, n;
u.x = x;
m = u.i[HIGH_HALF] & 0x7fffffff; /* no sign */
if (m >= 0x7ff00000)
--
You are receiving this mail because:
You are on the CC list for the bug.