fix SIGFPE caused by signed division overflow

Message ID	1368219635-4524-1-git-send-email-xi.wang@gmail.com (mailing list archive)
State	Mainlined, archived
Headers	show Return-Path: <linux-sparse-owner@vger.kernel.org> From: Xi Wang <xi.wang@gmail.com> To: sparse@chrisli.org Cc: linux-sparse@vger.kernel.org, Xi Wang <xi.wang@gmail.com> Subject: [PATCH] fix SIGFPE caused by signed division overflow Date: Fri, 10 May 2013 17:00:35 -0400 Message-Id: <1368219635-4524-1-git-send-email-xi.wang@gmail.com> Sender: linux-sparse-owner@vger.kernel.org Precedence: bulk

Message ID

1368219635-4524-1-git-send-email-xi.wang@gmail.com (mailing list archive)

State

Mainlined, archived

Headers

From: Xi Wang <xi.wang@gmail.com>
To: sparse@chrisli.org
Cc: linux-sparse@vger.kernel.org, Xi Wang <xi.wang@gmail.com>
Subject: [PATCH] fix SIGFPE caused by signed division overflow
Date: Fri, 10 May 2013 17:00:35 -0400
Message-Id: <1368219635-4524-1-git-send-email-xi.wang@gmail.com>
Sender: linux-sparse-owner@vger.kernel.org
Precedence: bulk

Commit Message

Xi Wang May 10, 2013, 9 p.m. UTC

Avoid evaluating INT_MIN / -1 and INT_MIN % -1, which will trap on x86
and crash sparse.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
---
 expand.c         |  2 ++
 simplify.c       |  4 ++++
 validation/div.c | 29 +++++++++++++++++++++++++++++
 3 files changed, 35 insertions(+)
 create mode 100644 validation/div.c

Comments

Christopher Li May 11, 2013, 6:25 p.m. UTC | #1

On 05/10/2013 02:00 PM, Xi Wang wrote:
> Avoid evaluating INT_MIN / -1 and INT_MIN % -1, which will trap on x86
> and crash sparse.

Applied.

Chris
--
To unsubscribe from this list: send the line "unsubscribe linux-sparse" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/expand.c b/expand.c
index effd27b..2dfa5e5 100644
--- a/expand.c
+++ b/expand.c
@@ -239,6 +239,8 @@  static int simplify_int_binop(struct expression *expr, struct symbol *ctype)
 	case SIGNED('%'):
 		if (!r)
 			goto Div;
+		if (l == mask && sr == -1)
+			goto Overflow;
 		v = sl % sr;
 		break;
 
diff --git a/simplify.c b/simplify.c
index bda4a5b..b5cd0ea 100644
--- a/simplify.c
+++ b/simplify.c
@@ -406,6 +406,8 @@  static int simplify_constant_binop(struct instruction *insn)
 	case OP_DIVS:
 		if (!right)
 			return 0;
+		if (left == mask && right == -1)
+			return 0;
 		res = left / right;
 		break;
 	case OP_MODU:
@@ -416,6 +418,8 @@  static int simplify_constant_binop(struct instruction *insn)
 	case OP_MODS:
 		if (!right)
 			return 0;
+		if (left == mask && right == -1)
+			return 0;
 		res = left % right;
 		break;
 	case OP_SHL:
diff --git a/validation/div.c b/validation/div.c
new file mode 100644
index 0000000..3dcbfd5
--- /dev/null
+++ b/validation/div.c
@@ -0,0 +1,29 @@ 
+#include <limits.h>
+
+static int xd = 1 / 0;
+static int xl = 1L / 0;
+static int xll = 1LL / 0;
+
+static int yd = INT_MIN / -1;
+static long yl = LONG_MIN / -1;
+static long long yll = LLONG_MIN / -1;
+
+static int zd = INT_MIN % -1;
+static long zl = LONG_MIN % -1;
+static long long zll = LLONG_MIN % -1;
+
+/*
+ * check-name: division constants
+ *
+ * check-error-start
+div.c:3:19: warning: division by zero
+div.c:4:20: warning: division by zero
+div.c:5:22: warning: division by zero
+div.c:7:25: warning: constant integer operation overflow
+div.c:8:27: warning: constant integer operation overflow
+div.c:9:34: warning: constant integer operation overflow
+div.c:11:25: warning: constant integer operation overflow
+div.c:12:27: warning: constant integer operation overflow
+div.c:13:34: warning: constant integer operation overflow
+ * check-error-end
+ */

fix SIGFPE caused by signed division overflow

Commit Message

Comments

Patch