To: v.shpilevoy@tarantool.org
Cc: tarantool-patches@dev.tarantool.org
Date: Tue, 21 Sep 2021 13:59:01 +0300
Message-Id: <505da04971a5ad368052a6090c17d9aaf51a73fe.1632220375.git.imeevma@gmail.com>
X-Mailer: git-send-email 2.25.1
Subject: [Tarantool-patches] [PATCH v2 01/15] sql: fix possible undefined behavior during cast
From: Mergen Imeev via Tarantool-patches Reply-To: imeevma@tarantool.org Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" This patch fixes possible undefined behavior during the implicit cast of INTEGER to DOUBLE. The problem is, if the INTEGER is close enough to 2^64, it will be cast to 2^64 when it is cast to DOUBLE. Since we have a check for loss of precision, this will cause this DOUBLE to be cast to an INTEGER, which will result in undefined behavior since this DOUBLE is outside the range of INTEGER. --- src/box/sql/mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/box/sql/mem.c b/src/box/sql/mem.c index 5e23c901c..cc0fd836b 100644 --- a/src/box/sql/mem.c +++ b/src/box/sql/mem.c @@ -695,7 +695,7 @@ uint_to_double_precise(struct Mem *mem) assert(mem->type == MEM_TYPE_UINT); double d; d = (double)mem->u.u; - if (mem->u.u != (uint64_t)d) + if (d == (double)UINT64_MAX || mem->u.u != (uint64_t)d) return -1; mem->u.r = d; mem->flags = 0; -- 2.25.1
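Review bot: the new guard `d == (double)UINT64_MAX` in uint_to_double_precise() needs a comment, because it reads as a comparison against UINT64_MAX while it works only because UINT64_MAX is not representable as a double and rounds up to 2^64 under the default round-to-nearest mode. Stating the bound directly, for example `d >= 0x1p64`, would say what is meant and would not depend on the rounding mode in effect. The diffstat shows only src/box/sql/mem.c changed, so a regression test that drives this path with a value such as 18446744073709551615 and checks that the function returns -1 would be worth adding alongside the fix.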