Edit report at https://bugs.php.net/bug.php?id=52550&edit=1

 ID:                 52550
 Comment by:         regehr at cs dot utah dot edu
 Reported by:        regehr at cs dot utah dot edu
 Summary:            integer undefined behaviors executed during "make
                     test"
 Status:             Analyzed
 Type:               Bug
 Package:            *General Issues
 Operating System:   linux
 PHP Version:        trunk-SVN-2010-08-06 (snap)
 Block user comment: N
 Private report:     N

 New Comment:

Also, our integer overflow checking tool can now be grabbed here:

http://embed.cs.utah.edu/ioc/


Previous Comments:
------------------------------------------------------------------------
[2012-06-21 04:30:33] regehr at cs dot utah dot edu

Updated results from today's PHP.

ARITHMETIC UNDEFINED at </home/regehr/tmp/php-src/ext/date/lib/parse_tz.c, 
(135:35)> : Op: *, Reason : Signed Multiplication Overflow, BINARY OPERATION: 
left (int32): 255 right (int32): 16777216 

ARITHMETIC UNDEFINED at </home/regehr/tmp/php-src/ext/standard/math.c, 
(148:24)> : Op: -, Reason : Signed Subtraction Overflow, BINARY OPERATION: 
left (int32): 14 right (int32): -2147483648 

ARITHMETIC UNDEFINED at </home/regehr/tmp/php-src/Zend/zend_hash.h, (350:2)> : 
Op: -, Reason : Signed Subtraction Overflow, UNARY OPERATION: left (int64): 0 
right (int64): -9223372036854775808 

ARITHMETIC UNDEFINED at </home/regehr/tmp/php-src/Zend/zend_operators.c, 
(1178:2)> : Op: <<, Reason : Signed Left Shift: Right operand is negative or is 
greater than or equal to the width of the promoted left operand, BINARY 
OPERATION: left (int64): 0 right (int64): 65 

ARITHMETIC UNDEFINED at </home/regehr/tmp/php-src/Zend/zend_operators.c, 
(1178:2)> : Op: <<, Reason : Signed Left Shift: Right operand is negative or is 
greater than or equal to the width of the promoted left operand, BINARY 
OPERATION: left (int64): 9223372036854775807 right (int64): -1 

ARITHMETIC UNDEFINED at </home/regehr/tmp/php-src/Zend/zend_operators.c, 
(1191:2)> : Op: >>, Reason : Signed Right Shift: Right operand is negative or is 
greater than or equal to the width of the promoted left operand, BINARY 
OPERATION: left (int64): 0 right (int64): 65 

ARITHMETIC UNDEFINED at </home/regehr/tmp/php-src/Zend/zend_operators.c, 
(1191:2)> : Op: >>, Reason : Signed Right Shift: Right operand is negative or is 
greater than or equal to the width of the promoted left operand, BINARY 
OPERATION: left (int64): 9223372036854775807 right (int64): -1
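
An added example, not part of the original report or of PHP's source: checked C helpers for the operation classes the checker flags above, run on operand pairs copied from the report. The helper names are hypothetical, and `__builtin_mul_overflow` / `__builtin_sub_overflow` are GCC/Clang builtins.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Each helper returns true when the operation is defined in C; when it
 * returns false, *out must not be used. The __builtin_*_overflow calls are
 * GCC/Clang builtins. Helper names are hypothetical. */
static bool mul_i32(int32_t a, int32_t b, int32_t *out) {
    return !__builtin_mul_overflow(a, b, out);
}

static bool sub_i32(int32_t a, int32_t b, int32_t *out) {
    return !__builtin_sub_overflow(a, b, out);
}

/* Unary minus overflows for exactly one input: the minimum value. */
static bool neg_i64(int64_t a, int64_t *out) {
    if (a == INT64_MIN) return false;
    *out = -a;
    return true;
}

/* The shift count must satisfy 0 <= n < 64. The left shift is done on the
 * unsigned bits; converting back is implementation-defined, not undefined. */
static bool shl_i64(int64_t a, int64_t n, int64_t *out) {
    if (n < 0 || n >= 64) return false;
    *out = (int64_t)((uint64_t)a << n);
    return true;
}

static bool shr_i64(int64_t a, int64_t n, int64_t *out) {
    if (n < 0 || n >= 64) return false;
    *out = a >> n; /* implementation-defined for negative a, not undefined */
    return true;
}

static const char *verdict(bool ok) { return ok ? "defined" : "undefined"; }

int main(void) {
    int32_t r32; int64_t r64;
    /* Operand pairs copied from the checker output in the report. */
    printf("255 * 16777216 (int32): %s\n", verdict(mul_i32(255, 16777216, &r32)));
    printf("14 - INT32_MIN (int32): %s\n", verdict(sub_i32(14, INT32_MIN, &r32)));
    printf("-INT64_MIN     (int64): %s\n", verdict(neg_i64(INT64_MIN, &r64)));
    printf("0 << 65        (int64): %s\n", verdict(shl_i64(0, 65, &r64)));
    printf("INT64_MAX >> -1 (int64): %s\n", verdict(shr_i64(INT64_MAX, -1, &r64)));
    printf("35 - 33        (int32): %s\n", verdict(sub_i32(35, 33, &r32)));
    return 0;
}
```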

------------------------------------------------------------------------
[2011-06-12 02:56:20] cataphr...@php.net

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=312074
Log: - Reverted r301991, which is a (partial) fix to bug #52550, addressing an
  overflow in a signed subtraction. This fixes the overflow without
  changing the algorithm.

------------------------------------------------------------------------
[2010-09-03 05:52:47] regehr at cs dot utah dot edu

Below are some updated results from our integer undefined behavior checker.  
These are from php-trunk-201009022030 on x86-64 Linux.

The .log files from "make test" can be found here:

http://www.cs.utah.edu/~regehr/php-trunk-201009022030.test-logs.tar.gz

Basically you just want to grep for "CLANG UNDEFINED" in these files.

Summary:

</home/regehr/z/php-trunk-201009022030/Zend/zend_hash.h, (350:2)> : Op: +, 
Reason : Signed Addition Overflow, BINARY OPERATION: left (int64): 
9223372036854775800 right (int64): 8 

</home/regehr/z/php-trunk-201009022030/Zend/zend_hash.h, (350:2)> : Op: -, 
Reason : Signed Subtraction Overflow, UNARY OPERATION: left (int64): 0 right 
(int64): -9223372036854775808 

</home/regehr/z/php-trunk-201009022030/Zend/zend_operators.c, (1181:2)> : Op: 
<<, Reason : Signed Left Shift: Right operand is negative or is greater than or 
equal to the width of the promoted left operand, BINARY OPERATION: left 
(int64): 0 right (int64): 65 

</home/regehr/z/php-trunk-201009022030/Zend/zend_operators.c, (1194:2)> : Op: 
>>, Reason : Signed Right Shift: Right operand is negative or is greater than 
or equal to the width of the promoted left operand, BINARY OPERATION: left 
(int64): 0 right (int64): 65 

</home/regehr/z/php-trunk-201009022030/Zend/zend_operators.c, (766:31)> : Op: 
+, Reason : Signed Addition Overflow, BINARY OPERATION: left (int64): 
9223372036854775807 right (int64): 1 

</home/regehr/z/php-trunk-201009022030/Zend/zend_operators.c, (828:31)> : Op: 
-, Reason : Signed Subtraction Overflow, BINARY OPERATION: left (int64): 
-9223372036854775808 right (int64): 1 

</home/regehr/z/php-trunk-201009022030/Zend/zend_operators.c, (877:5)> : Op: *, 
Reason : Signed Multiplication Overflow, BINARY OPERATION: left (int64): 
9223372036854775807 right (int64): 7 

</home/regehr/z/php-trunk-201009022030/ext/date/lib/parse_tz.c, (133:35)> : Op: 
*, Reason : Signed Multiplication Overflow, BINARY OPERATION: left (int32): 255 
right (int32): 16777216 

</home/regehr/z/php-trunk-201009022030/ext/standard/math.c, (616:5)> : Op: *, 
Reason : Signed Multiplication Overflow, BINARY OPERATION: left (int64): 
2147483647 right (int64): 4611686014132420609 

</home/regehr/z/php-trunk-201009022030/ext/standard/math.c, (620:5)> : Op: *, 
Reason : Signed Multiplication Overflow, BINARY OPERATION: left (int64): 
110075314176 right (int64): 110075314176

------------------------------------------------------------------------
[2010-08-08 17:45:04] il...@php.net

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=301991
Log: Additional fix for bug #52550 & fix test & warning from previous fixes

------------------------------------------------------------------------
[2010-08-06 23:53:31] regehr at cs dot utah dot edu

FYI there are a few bogus errors in the list I posted earlier.  Obviously (35 - 
33) is well-defined in C.  Sorry about that.  It should be easy to recognize 
and ignore these.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=52550


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=52550&edit=1
