From: Mergen Imeev via Tarantool-patches <tarantool-patches@dev.tarantool.org> To: v.shpilevoy@tarantool.org Cc: tarantool-patches@dev.tarantool.org Subject: [Tarantool-patches] [PATCH v3 01/15] sql: fix possible undefined behavior during cast Date: Fri, 1 Oct 2021 10:42:46 +0300 [thread overview] Message-ID: <68df7d554bef92d1840527cb26a1ba1698296385.1633073759.git.imeevma@gmail.com> (raw) In-Reply-To: <cover.1633073759.git.imeevma@gmail.com> This patch fixes possible undefined behavior during the implicit cast of INTEGER to DOUBLE. The problem is, if the INTEGER is close enough to 2^64, it will be cast to 2^64 when it is cast to DOUBLE. Since we have a check for loss of precision, this will cause this DOUBLE to be cast to an INTEGER, which will result in undefined behavior since this DOUBLE is outside the range of INTEGER. --- src/box/sql/mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/box/sql/mem.c b/src/box/sql/mem.c index 5e23c901c..cc0fd836b 100644 --- a/src/box/sql/mem.c +++ b/src/box/sql/mem.c @@ -695,7 +695,7 @@ uint_to_double_precise(struct Mem *mem) assert(mem->type == MEM_TYPE_UINT); double d; d = (double)mem->u.u; - if (mem->u.u != (uint64_t)d) + if (d == (double)UINT64_MAX || mem->u.u != (uint64_t)d) return -1; mem->u.r = d; mem->flags = 0; -- 2.25.1
next prev parent reply other threads:[~2021-10-01 7:43 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-10-01 7:42 [Tarantool-patches] [PATCH v3 00/15] sql: refactor aggregate functions Mergen Imeev via Tarantool-patches 2021-10-01 7:42 ` Mergen Imeev via Tarantool-patches [this message] 2021-10-01 7:42 ` [Tarantool-patches] [PATCH v3 02/15] sql: use register P1 for number of arguments Mergen Imeev via Tarantool-patches 2021-10-01 7:42 ` [Tarantool-patches] [PATCH v3 03/15] sql: remove AggStep0 and OP_BuiltinFunction0 Mergen Imeev via Tarantool-patches 2021-10-01 7:42 ` [Tarantool-patches] [PATCH v3 04/15] sql: move collation to struct sql_context Mergen Imeev via Tarantool-patches 2021-10-01 7:42 ` [Tarantool-patches] [PATCH v3 05/15] sql: introduce mem_append() Mergen Imeev via Tarantool-patches 2021-10-01 7:42 ` [Tarantool-patches] [PATCH v3 06/15] sql: remove sql_vdbemem_finalize() Mergen Imeev via Tarantool-patches 2021-10-01 7:42 ` [Tarantool-patches] [PATCH v3 07/15] sql: refactor SUM() function Mergen Imeev via Tarantool-patches 2021-10-01 7:43 ` [Tarantool-patches] [PATCH v3 08/15] sql: refactor TOTAL() function Mergen Imeev via Tarantool-patches 2021-10-01 7:43 ` [Tarantool-patches] [PATCH v3 09/15] sql: refactor AVG() function Mergen Imeev via Tarantool-patches 2021-10-01 7:43 ` [Tarantool-patches] [PATCH v3 10/15] sql: refactor COUNT() function Mergen Imeev via Tarantool-patches 2021-10-01 7:43 ` [Tarantool-patches] [PATCH v3 11/15] sql: refactor MIN() and MAX() functions Mergen Imeev via Tarantool-patches 2021-10-01 7:43 ` [Tarantool-patches] [PATCH v3 12/15] sql: refactor GROUP_CONCAT() function Mergen Imeev via Tarantool-patches 2021-10-01 7:43 ` [Tarantool-patches] [PATCH v3 13/15] sql: remove copying of result in finalizers Mergen Imeev via Tarantool-patches 2021-10-01 7:43 ` [Tarantool-patches] [PATCH v3 14/15] sql: remove MEM_TYPE_AGG Mergen Imeev via Tarantool-patches 2021-10-01 7:43 ` [Tarantool-patches] [PATCH v3 15/15] sql: remove field argv from struct sql_context Mergen Imeev via Tarantool-patches
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=68df7d554bef92d1840527cb26a1ba1698296385.1633073759.git.imeevma@gmail.com \ --to=tarantool-patches@dev.tarantool.org \ --cc=imeevma@tarantool.org \ --cc=v.shpilevoy@tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH v3 01/15] sql: fix possible undefined behavior during cast' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox