GNU bug report logs -
#18857
floating point exception on invalid argument
[Message part 1 (text/plain, inline)]
Your message dated Mon, 27 Oct 2014 22:24:48 -0700
with message-id <544F28A0.6060400 <at> cs.ucla.edu>
and subject line Re: [bug-diffutils] bug#18857: floating point exception on invalid argument
has caused the debbugs.gnu.org bug report #18857,
regarding floating point exception on invalid argument
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
18857: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18857
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Hi,
on 64-bit systems, an invalid tabsize argument can trigger a floating
point exception:
$ diff --tabsize=9223372036854775808 . .
Floating point exception
Offending line is this one:
intmax_t off = (w + t + GUTTER_WIDTH_MINIMUM) / (2 * t) * t;
The tabsize I supplied is 2^63, multiplying by 2 will be 2^64 which
is too large, so the divisor overflows to 0.
This is a purely cosmetic fix, I don't see the need to adjust anything
except avoiding this special value. I doubt that anyone ever needed
these large numbers.
Tobias
--- diffutils-3.3/src/diff.c~ 2014-10-27 20:54:30.968656876 +0100
+++ diffutils-3.3/src/diff.c 2014-10-27 20:54:41.360708407 +0100
@@ -594,7 +594,7 @@
case TABSIZE_OPTION:
numval = strtoumax (optarg, &numend, 10);
- if (! (0 < numval && numval <= SIZE_MAX) || *numend)
+ if (! (0 < numval && numval <= SIZE_MAX / 2) || *numend)
try_help ("invalid tabsize '%s'", optarg);
if (tabsize != numval)
{
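Review bot: The new bound "numval <= SIZE_MAX / 2" on the changed line only keeps 2 * t from wrapping to zero; the sum w + t + GUTTER_WIDTH_MINIMUM in the offending line quoted in the report is not covered by it and can still overflow for a tabsize near the new limit, depending on the width of w. Suggest deriving the limit from the whole expression (or checking the arithmetic where the offset is computed), adding a short comment on the check that says which computation it protects, and adding a regression test for --tabsize=9223372036854775808.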
[Message part 3 (message/rfc822, inline)]
[Message part 4 (text/plain, inline)]
Tobias Stoeckmann wrote:
> I don't see the need to adjust anything
> except avoiding this special value. I doubt that anyone ever needed
> these large numbers.
Yes, it's hard to imagine anyone needing a tabsize that large. Still, the GNU
policy is to avoid unnecessary limits, so it's better to make the limit as large
as easily possible, which here would be SIZE_MAX - GUTTER_WIDTH_MINIMUM. Also,
I see there are other ways the nearby code can overflow. Plus, we should put in
a test case for this bug. So I installed the attached patch, which should
address these issues. Thanks for reporting the problem.
[0001-diff-fix-integer-overflow-problem-with-tabsize.patch (text/plain, attachment)]
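The arithmetic discussed in this thread, as an added example (not the patch from the report and not the patch that was installed): it shows 2 * t wrapping to zero for a tabsize of 2^63 and one way to refuse the division when any intermediate step overflows. The value of GUTTER_WIDTH_MINIMUM, the use of uint64_t, and the helpers divisor, parse_tabsize and checked_offset are assumptions made for illustration; the overflow builtins require GCC or Clang.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GUTTER_WIDTH_MINIMUM 3   /* assumed value, for illustration only */

/* Divisor from the reported line, modelled in uint64_t so the wrap is
   well-defined: 2 * 2^63 == 2^64 == 0 (mod 2^64). */
static uint64_t divisor(uint64_t t) { return 2 * t; }

/* Hypothetical option parser: rejects 0, trailing junk and unrepresentable input. */
static bool parse_tabsize(const char *arg, uint64_t *out)
{
  char *end;
  errno = 0;
  uintmax_t v = strtoumax(arg, &end, 10);
  if (errno == ERANGE || end == arg || *end || v == 0 || v > UINT64_MAX)
    return false;
  *out = v;
  return true;
}

/* Hypothetical checked form of (w + t + GUTTER_WIDTH_MINIMUM) / (2 * t) * t.
   Returns false instead of dividing when an intermediate step overflows. */
static bool checked_offset(uint64_t w, uint64_t t, uint64_t *off)
{
  uint64_t sum, dbl;
  if (t == 0
      || __builtin_add_overflow(w, t, &sum)
      || __builtin_add_overflow(sum, (uint64_t) GUTTER_WIDTH_MINIMUM, &sum)
      || __builtin_mul_overflow((uint64_t) 2, t, &dbl))
    return false;
  *off = sum / dbl * t;   /* cannot overflow: the result is at most sum / 2 */
  return true;
}

int main(void)
{
  uint64_t t = 0, off = 0;
  const char *arg = "9223372036854775808";   /* constructed input: 2^63 */
  if (parse_tabsize(arg, &t) && checked_offset(130, t, &off))
    printf("off = %" PRIu64 "\n", off);
  else
    printf("invalid tabsize '%s' (2 * t wraps to %" PRIu64 ")\n", arg, divisor(t));
  return 0;
}
```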
This bug report was last modified 10 years and 287 days ago.