GNU bug report logs - #15924
[PATCH] dfa: avoid undefined behavior of "1 << 31"

Package: grep

Reported by: Jim Meyering <jim <at> meyering.net>

Date: Tue, 19 Nov 2013 01:56:02 UTC

Severity: normal

Tags: patch

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.


Message #8 received at 15924 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Jim Meyering <jim <at> meyering.net>, 15924 <at> debbugs.gnu.org
Subject: Re: bug#15924: [PATCH] dfa: avoid undefined behavior of "1 << 31"
Date: Mon, 18 Nov 2013 18:16:10 -0800

Jim Meyering wrote:
>  static int
>  tstbit (unsigned int b, charclass const c)
>  {
> -  return c[b / INTBITS] & 1 << b % INTBITS;
> +  return c[b / INTBITS] & 1U << b % INTBITS;
>  }
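
Review bot: the return type on the `static int` line is unchanged, so with `1U` the masked value is unsigned and, when `b % INTBITS` selects the top bit of a 32-bit int, it is 2**31, which does not fit in the `int` being returned; that conversion is implementation-defined. Consider returning `bool`, or shifting the word right and masking with 1 so the result is only ever 0 or 1. Parenthesizing the `<<` and `%` subexpressions would also make the intended precedence explicit.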

On a machine with 32-bit int and where b % INTBITS is 31,
the expression c[b / INTBITS] & 1U << b % INTBITS
is of type 'unsigned' and can have the value 2**31, and
this will overflow when tstbit converts that value as an int,
leading to implementation-defined behavior, which can include
raising a signal.

Better would be something like this:

static bool
tstbit (unsigned int b, charclass const c)
{
  return c[b / INTBITS] >> b % INTBITS & 1;
}

and it'd probably be better to encourage this style in
other places where the problem occurs, e.g., quotearg.
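
The conversion issue raised in the reply above, as an added example that is not part of the original thread or of grep's source. `INTBITS`, `NOTCHAR`, the `charclass` typedef, `setbit`, `mask_value` and `count_unrepresentable` are stand-ins assumed here; the block counts the bit positions where the mask form yields a value larger than `INT_MAX` while the shift form still reports every set bit as 1.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed stand-ins for names in the quoted hunk, not grep's definitions. */
#define INTBITS ((unsigned int) (CHAR_BIT * sizeof (int)))
#define NOTCHAR 256U
typedef unsigned int charclass[(NOTCHAR + INTBITS - 1) / INTBITS];

/* Set bit b; 1U keeps the shift in unsigned arithmetic. */
static void setbit (unsigned int b, charclass c)
{
  c[b / INTBITS] |= 1U << b % INTBITS;
}

/* Mask form: value of the patched expression before conversion to int. */
static unsigned int mask_value (unsigned int b, charclass const c)
{
  return c[b / INTBITS] & 1U << b % INTBITS;
}

/* Shift form from the reply: the result is always 0 or 1. */
static bool tstbit (unsigned int b, charclass const c)
{
  return c[b / INTBITS] >> b % INTBITS & 1;
}

/* Count set bits whose mask value exceeds INT_MAX (one per word). */
static unsigned int count_unrepresentable (void)
{
  charclass c = {0};
  unsigned int n = 0;
  for (unsigned int b = 0; b < NOTCHAR; b++)
    {
      setbit (b, c);
      if (!tstbit (b, c))
        return 0;  /* shift form must report every set bit */
      if (mask_value (b, c) > (unsigned int) INT_MAX)
        n++;
    }
  return n;
}

int main (void)
{
  printf ("%u of %u bit positions overflow int in the mask form\n",
          count_unrepresentable (), NOTCHAR);
  return 0;
}
```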




This bug report was last modified 11 years and 211 days ago.
