GNU bug report logs - #18857
floating point exception on invalid argument


Package: diffutils

Reported by: Tobias Stoeckmann <tobias <at> stoeckmann.org>

Date: Mon, 27 Oct 2014 20:07:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.



Report forwarded to bug-diffutils <at> gnu.org:
bug#18857; Package diffutils. (Mon, 27 Oct 2014 20:07:02 GMT)

Acknowledgement sent to Tobias Stoeckmann <tobias <at> stoeckmann.org>:
New bug report received and forwarded. Copy sent to bug-diffutils <at> gnu.org. (Mon, 27 Oct 2014 20:07:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Tobias Stoeckmann <tobias <at> stoeckmann.org>
To: bug-diffutils <at> gnu.org
Subject: floating point exception on invalid argument
Date: Mon, 27 Oct 2014 21:06:01 +0100

Hi,

on 64-bit systems, an invalid tabsize argument can trigger a floating
point exception:

$ diff --tabsize=9223372036854775808 . .
Floating point exception

Offending line is this one:
    intmax_t off = (w + t + GUTTER_WIDTH_MINIMUM) / (2 * t)  *  t;

The tabsize I supplied is 2^63, multiplying by 2 will be 2^64 which
is too large, so the divisor overflows to 0.

This is a purely cosmetic fix, I don't see the need to adjust anything
except avoiding this special value.  I doubt that anyone ever needed
these large numbers.


Tobias

--- diffutils-3.3/src/diff.c~	2014-10-27 20:54:30.968656876 +0100
+++ diffutils-3.3/src/diff.c	2014-10-27 20:54:41.360708407 +0100
@@ -594,7 +594,7 @@
 
 	case TABSIZE_OPTION:
 	  numval = strtoumax (optarg, &numend, 10);
-	  if (! (0 < numval && numval <= SIZE_MAX) || *numend)
+	  if (! (0 < numval && numval <= SIZE_MAX / 2) || *numend)
 	    try_help ("invalid tabsize '%s'", optarg);
 	  if (tabsize != numval)
 	    {
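Review bot: the new bound `SIZE_MAX / 2` in the `TABSIZE_OPTION` check carries no comment saying which later computation it protects, and it only covers the `2 * t` divisor in the line quoted in the report; the numerator `w + t + GUTTER_WIDTH_MINIMUM` is not bounded by it. Suggest a comment tying the limit to that expression, a check on the sum as well, and a regression test that runs `diff --tabsize=9223372036854775808 . .` and expects the `invalid tabsize` diagnostic rather than a crash.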




Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility. (Tue, 28 Oct 2014 05:26:02 GMT)

Notification sent to Tobias Stoeckmann <tobias <at> stoeckmann.org>:
bug acknowledged by developer. (Tue, 28 Oct 2014 05:26:03 GMT)

Message #10 received at 18857-done <at> debbugs.gnu.org:

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Tobias Stoeckmann <tobias <at> stoeckmann.org>, 
 18857-done <at> debbugs.gnu.org
Subject: Re: [bug-diffutils] bug#18857: floating point exception on invalid
 argument
Date: Mon, 27 Oct 2014 22:24:48 -0700

Tobias Stoeckmann wrote:
> I don't see the need to adjust anything
> except avoiding this special value.  I doubt that anyone ever needed
> these large numbers.

Yes, it's hard to imagine anyone needing a tabsize that large.  Still, the GNU 
policy is to avoid unnecessary limits, so it's better to make the limit as large 
as easily possible, which here would be SIZE_MAX - GUTTER_WIDTH_MINIMUM.  Also, 
I see there are other ways the nearby code can overflow.  Plus, we should put in 
a test case for this bug.  So I installed the attached patch, which should 
address these issues.  Thanks for reporting the problem.
[0001-diff-fix-integer-overflow-problem-with-tabsize.patch (text/plain, attachment)]
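
The wraparound described in the report and the limit named in the reply, as an added C example that is neither the diffutils source nor the installed patch. The value 3 for `GUTTER_WIDTH_MINIMUM`, the width 130, the `size_t` operand types and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GUTTER_WIDTH_MINIMUM 3  /* assumed value, for illustration only */

/* The divisor from the quoted line, in unchecked size_t arithmetic. */
static size_t divisor_unchecked(size_t t) { return 2 * t; }

/* Accept 1 .. SIZE_MAX - GUTTER_WIDTH_MINIMUM, the limit named in the reply. */
static bool parse_tabsize(const char *arg, size_t *out)
{
    char *end;
    if (!isdigit((unsigned char) arg[0]))   /* strtoumax would accept "-1" */
        return false;
    errno = 0;
    uintmax_t v = strtoumax(arg, &end, 10);
    if (*end != '\0' || errno == ERANGE)
        return false;
    if (v == 0 || v > SIZE_MAX - GUTTER_WIDTH_MINIMUM)
        return false;
    *out = (size_t) v;
    return true;
}

/* (w + t + GUTTER_WIDTH_MINIMUM) / (2 * t) * t, refusing any step that wraps. */
static bool column_offset(size_t w, size_t t, size_t *off)
{
    if (t == 0 || t > SIZE_MAX / 2)              /* 2 * t would be 0 or wrap */
        return false;
    if (w > SIZE_MAX - GUTTER_WIDTH_MINIMUM - t) /* numerator would wrap */
        return false;
    *off = (w + t + GUTTER_WIDTH_MINIMUM) / (2 * t) * t;
    return true;
}

int main(void)
{
    size_t t = 0, off;
    bool ok = parse_tabsize("9223372036854775808", &t); /* value from the report */
    printf("accepted=%d, 2*t=%zu\n", ok, divisor_unchecked(t));
    printf("checked: %s\n", column_offset(130, t, &off) ? "ok" : "rejected");
    return 0;
}
```

With the wider limit, the parser on a 64-bit system accepts the reported value, so the arithmetic that later uses the tabsize has to reject the wrap itself.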

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 25 Nov 2014 12:24:04 GMT)

This bug report was last modified 10 years and 287 days ago.
