From: Mergen Imeev via Tarantool-patches
Reply-To: imeevma@tarantool.org
To: v.shpilevoy@tarantool.org
Cc: tarantool-patches@dev.tarantool.org
Date: Fri, 1 Oct 2021 15:48:33 +0300
Subject: [Tarantool-patches] [PATCH v4 02/16] sql: fix possible undefined behavior during cast

This patch fixes possible undefined behavior during the implicit cast of INTEGER to DOUBLE. The problem is, if the INTEGER is close enough to 2^64, it will be cast to 2^64 when it is cast to DOUBLE. Since we have a check for loss of precision, this will cause this DOUBLE to be cast to an INTEGER, which will result in undefined behavior since this DOUBLE is outside the range of INTEGER.

--- src/box/sql/mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/box/sql/mem.c b/src/box/sql/mem.c index 24d6d7dbf..079083fa1 100644 --- a/src/box/sql/mem.c +++ b/src/box/sql/mem.c @@ -682,7 +682,7 @@ uint_to_double_precise(struct Mem *mem) assert(mem->type == MEM_TYPE_UINT); double d; d = (double)mem->u.u; - if (mem->u.u != (uint64_t)d) + if (d == (double)UINT64_MAX || mem->u.u != (uint64_t)d) return -1; mem->u.r = d; mem->flags = 0; -- 2.25.1
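
Review bot: The added test "d == (double)UINT64_MAX" in uint_to_double_precise() relies on two things that are not visible from the line itself and should be stated in a comment above it. First, UINT64_MAX is not representable as a double, so (double)UINT64_MAX rounds up to 2^64 under IEEE 754 round-to-nearest, and the comparison really means "d is 2^64, one past the uint64_t range" rather than "d equals UINT64_MAX". Second, the test has to stay on the left side of "||" so that short-circuit evaluation skips the (uint64_t)d conversion for that value; a later reordering of the two operands would silently bring the undefined behavior back. Writing the bound explicitly, for example "d >= 0x1p64", would express the intent without depending on how the constant rounds. The diffstat shows only src/box/sql/mem.c changed, so unless it is covered elsewhere in the series, a regression test that implicitly casts an INTEGER near 2^64 (such as 18446744073709551615) to DOUBLE would be worth adding.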