https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88673
Bug ID: 88673
Summary: Overflowed array index read error
Product: gcc
Version: 6.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: venkateshprabu at gmail dot com
Target Milestone: ---
https://github.com/gcc-mirror/gcc/blob/gcc-6_2_0-release/libstdc++-v3/include/bits/random.tcc#L399
Coverity report:
399 _M_gen_rand(void)
400 {
401 const _UIntType __upper_mask = (~_UIntType()) << __r;
402 const _UIntType __lower_mask = ~__upper_mask;
403
1. Condition __k < 227UL /* 624UL - 397UL */, taking true branch.
4. Condition __k < 227UL /* 624UL - 397UL */, taking true branch.
7. Condition __k < 227UL /* 624UL - 397UL */, taking false branch.
404 for (size_t __k = 0; __k < (__n - __m); ++__k)
405 {
406 _UIntType __y = ((_M_x[__k] & __upper_mask)
407 | (_M_x[__k + 1] & __lower_mask));
2. Condition __y & 1, taking true branch.
5. Condition __y & 1, taking true branch.
408 _M_x[__k] = (_M_x[__k + __m] ^ (__y >> 1)
409 ^ ((__y & 0x01) ? __a : 0));
3. Jumping back to the beginning of the loop.
6. Jumping back to the beginning of the loop.
410 }
411
8. Condition __k < 623UL /* 624UL - 1 */, taking true branch.
412 for (size_t __k = (__n - __m); __k < (__n - 1); ++__k)
413 {
414 _UIntType __y = ((_M_x[__k] & __upper_mask)
415 | (_M_x[__k + 1] & __lower_mask));
9. overflow: Add operation overflows on operands __k and
18446744073709551389UL.
CID 4797118 (#1-2 of 2): Overflowed array index read (INTEGER_OVERFLOW)
10. overflow_sink: Overflowed or truncated value (or a value computed from an
overflowed or truncated value) __k + 18446744073709551389UL used as array
index.
416 _M_x[__k] = (_M_x[__k + (__m - __n)] ^ (__y >> 1)
417 ^ ((__y & 0x01) ? __a : 0));
418 }
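
The arithmetic behind events 9 and 10, as an added example for triaging the finding (not code from libstdc++ or from the reporter): with the mt19937 sizes shown in the trace (624 and 397), `__m - __n` wraps to the reported constant and `__k + (__m - __n)` wraps a second time to `__k - 227`. The names `N`, `M`, `wrapped_offset` and `audit_second_loop` are hypothetical, and a 64-bit unsigned type is assumed to match the value Coverity printed.

```cpp
#include <cstdint>
#include <cstdio>

// mt19937 sizes taken from the Coverity trace: 624UL and 397UL.
constexpr std::uint64_t N = 624, M = 397;

// Offset as written on line 416: unsigned subtraction wraps modulo 2^64.
constexpr std::uint64_t wrapped_offset() { return M - N; }

struct Audit {
    std::uint64_t checked;     // loop iterations examined
    std::uint64_t min_idx;     // smallest index produced by line 416
    std::uint64_t max_idx;     // largest index produced by line 416
    bool all_in_bounds;        // every read index (incl. __k + 1) is < N
    bool matches_subtraction;  // wrapped index equals k - (N - M)
};

// Replays the index arithmetic of the second loop (lines 412-418).
Audit audit_second_loop() {
    Audit a{0, N, 0, true, true};
    for (std::uint64_t k = N - M; k < N - 1; ++k) {
        std::uint64_t idx = k + wrapped_offset();  // second wrap, back into range
        if (idx >= N || k + 1 >= N) a.all_in_bounds = false;
        if (idx != k - (N - M)) a.matches_subtraction = false;
        if (idx < a.min_idx) a.min_idx = idx;
        if (idx > a.max_idx) a.max_idx = idx;
        ++a.checked;
    }
    return a;
}

int main() {
    Audit a = audit_second_loop();
    std::printf("offset=%llu checked=%llu idx=[%llu,%llu] in_bounds=%d same=%d\n",
                (unsigned long long)wrapped_offset(),
                (unsigned long long)a.checked,
                (unsigned long long)a.min_idx,
                (unsigned long long)a.max_idx,
                a.all_in_bounds, a.matches_subtraction);
    return 0;
}
```

Unsigned wraparound is well defined in C++, so the two wraps cancel for every `__k` the loop visits; writing the index as `__k - (__n - __m)` gives the same values without the intermediate wrap.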