From mboxrd@z Thu Jan 1 00:00:00 1970
To: kyukhin@tarantool.org
Cc: tarantool-patches@dev.tarantool.org
Date: Tue, 26 Oct 2021 13:34:06 +0300
Message-Id: <671283e6473008dd1d0a8ec30ef824d35d650e51.1635244212.git.imeevma@gmail.com>
Subject: [Tarantool-patches] [PATCH v4 02/16] sql: fix possible undefined behavior during cast
From: Mergen Imeev via Tarantool-patches
Reply-To: imeevma@tarantool.org

This patch fixes possible undefined behavior during the implicit cast of INTEGER to DOUBLE. The problem is, if the INTEGER is close enough to 2^64, it will be cast to 2^64 when it is cast to DOUBLE. Since we have a check for loss of precision, this will cause this DOUBLE to be cast to an INTEGER, which will result in undefined behavior since this DOUBLE is outside the range of INTEGER.

--- src/box/sql/mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/box/sql/mem.c b/src/box/sql/mem.c index 89b99a183..99ac4d8e7 100644 --- a/src/box/sql/mem.c +++ b/src/box/sql/mem.c @@ -682,7 +682,7 @@ uint_to_double_precise(struct Mem *mem) assert(mem->type == MEM_TYPE_UINT); double d; d = (double)mem->u.u; - if (mem->u.u != (uint64_t)d) + if (d == (double)UINT64_MAX || mem->u.u != (uint64_t)d) return -1; mem->u.r = d; mem->flags = 0; -- 2.25.1
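
Review bot: the new condition in uint_to_double_precise() is only safe because (double)UINT64_MAX rounds up to exactly 2^64 and because || evaluates left to right, so (uint64_t)d is never reached for that value, and neither fact is stated in the code. A one-line comment above the if, or writing the bound as d >= 0x1p64, would keep a later reader from reordering the operands or "simplifying" the first comparison away. The diffstat shows only src/box/sql/mem.c changed, so a regression test that implicitly casts an INTEGER near 2^64 to DOUBLE and expects the precision-loss path would be worth adding alongside this fix.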
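
The rounding boundary the commit message describes, as an added C example that is not part of the patch or of Tarantool's code; it goes slightly beyond the patch by also covering the signed case. The helper names `u64_to_double_exact` and `i64_to_double_exact` and the sample values are constructed for illustration, and the default round-to-nearest mode is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not Tarantool's API. */

/* Store u in *out and return 0 only if a double holds u exactly. */
int
u64_to_double_exact(uint64_t u, double *out)
{
	double d = (double)u;
	/*
	 * Under round-to-nearest every u >= 2^64 - 1024 becomes 2^64.
	 * Converting 2^64 back to uint64_t is out of range and therefore
	 * undefined, so reject it before the round-trip cast is evaluated.
	 */
	if (d >= 0x1p64 || (uint64_t)d != u)
		return -1;
	*out = d;
	return 0;
}

/* Signed counterpart: values near INT64_MAX round up to 2^63. */
int
i64_to_double_exact(int64_t i, double *out)
{
	double d = (double)i;
	/* -2^63 fits in both types; +2^63 does not fit in int64_t. */
	if (d >= 0x1p63 || (int64_t)d != i)
		return -1;
	*out = d;
	return 0;
}

int
main(void)
{
	/* Constructed sample inputs around the rounding boundary. */
	uint64_t samples[] = {
		UINT64_MAX, UINT64_MAX - 1023, UINT64_MAX - 1024,
		UINT64_MAX - 2047, ((uint64_t)1 << 53) + 1,
	};
	for (size_t k = 0; k < sizeof(samples) / sizeof(samples[0]); k++) {
		double d;
		int rc = u64_to_double_exact(samples[k], &d);
		printf("%llu -> %s\n", (unsigned long long)samples[k],
		       rc == 0 ? "exact" : "rejected");
	}
	return 0;
}
```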