diff options
| author | Xi Wang <xi.wang@gmail.com> | 2013-05-10 17:00:35 -0400 |
|---|---|---|
| committer | Christopher Li <sparse@chrisli.org> | 2013-05-11 10:57:17 -0700 |
| commit | 652eb801d2141b57dca3215e71c55e8356b407a2 (patch) | |
| tree | 02ce9b968a82b6247c3f3bdc3b523fb9dc60c6fe | |
| parent | 5449cfbfe55eea2a602a40122c122b5040d67243 (diff) | |
| download | sparse-652eb801d2141b57dca3215e71c55e8356b407a2.tar.gz | |
fix SIGFPE caused by signed division overflow
Avoid evaluating INT_MIN / -1 and INT_MIN % -1, which will trap on x86
and crash sparse.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Christopher Li <sparse@chrisli.org>
| -rw-r--r-- | expand.c | 2 | ||||
| -rw-r--r-- | simplify.c | 4 | ||||
| -rw-r--r-- | validation/div.c | 29 |
3 files changed, 35 insertions, 0 deletions
@@ -239,6 +239,8 @@ static int simplify_int_binop(struct expression *expr, struct symbol *ctype) case SIGNED('%'): if (!r) goto Div; + if (l == mask && sr == -1) + goto Overflow; v = sl % sr; break; @@ -406,6 +406,8 @@ static int simplify_constant_binop(struct instruction *insn) case OP_DIVS: if (!right) return 0; + if (left == mask && right == -1) + return 0; res = left / right; break; case OP_MODU: @@ -416,6 +418,8 @@ static int simplify_constant_binop(struct instruction *insn) case OP_MODS: if (!right) return 0; + if (left == mask && right == -1) + return 0; res = left % right; break; case OP_SHL: diff --git a/validation/div.c b/validation/div.c new file mode 100644 index 00000000..3dcbfd57 --- /dev/null +++ b/validation/div.c @@ -0,0 +1,29 @@ +#include <limits.h> + +static int xd = 1 / 0; +static int xl = 1L / 0; +static int xll = 1LL / 0; + +static int yd = INT_MIN / -1; +static long yl = LONG_MIN / -1; +static long long yll = LLONG_MIN / -1; + +static int zd = INT_MIN % -1; +static long zl = LONG_MIN % -1; +static long long zll = LLONG_MIN % -1; + +/* + * check-name: division constants + * + * check-error-start +div.c:3:19: warning: division by zero +div.c:4:20: warning: division by zero +div.c:5:22: warning: division by zero +div.c:7:25: warning: constant integer operation overflow +div.c:8:27: warning: constant integer operation overflow +div.c:9:34: warning: constant integer operation overflow +div.c:11:25: warning: constant integer operation overflow +div.c:12:27: warning: constant integer operation overflow +div.c:13:34: warning: constant integer operation overflow + * check-error-end + */ |