Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4224

[PATCH] Item_func_neg relies on undefined behavior and can misbehave

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.1
    • Fix Version/s: 10.0.2, 5.5.31
    • Component/s: None
    • Labels:
      None

      Description

      Class Item_func_neg has a lot of conversions between signed and unsigned datatypes. I believe at least to some degree these conversions are undefined behavior in C++, and thus Item_func_neg can misbehave when compiled with optimizations. In particular I've experienced misbehavior in the main.func_math test on line 483. This line expects that negation of -9223372036854775808 will throw DATA_OUT_OF_RANGE error, but sometimes it doesn't. The following patch fixes the problem. Please consider including it (or some modification of it) into MariaDB.

      --- a/sql/item_func.cc
      +++ b/sql/item_func.cc
      @@ -1908,6 +1908,8 @@ longlong Item_func_neg::int_op()
         if (args[0]->unsigned_flag &&
             (ulonglong) value > (ulonglong) LONGLONG_MAX + 1)
           return raise_integer_overflow();
      +  if (!args[0]->unsigned_flag && value == LONGLONG_MIN)
      +    return raise_integer_overflow();
         return check_integer_overflow(-value, !args[0]->unsigned_flag && value < 0);
       }
       

        Attachments

          Activity

            People

            • Assignee:
              wlad Vladislav Vaintroub
              Reporter:
              pivanof Pavel Ivanov
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: