Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4224

[PATCH] Item_func_neg relies on undefined behavior and can misbehave

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.0.1
    • 10.0.2, 5.5.31
    • None
    • None

    Description

      Class Item_func_neg has a lot of conversions between signed and unsigned datatypes. I believe at least to some degree these conversions are undefined behavior in C++, and thus Item_func_neg can misbehave when compiled with optimizations. In particular I've experienced misbehavior in the main.func_math test on line 483. This line expects that negation of -9223372036854775808 will throw DATA_OUT_OF_RANGE error, but sometimes it doesn't. The following patch fixes the problem. Please consider including it (or some modification of it) into MariaDB.

      --- a/sql/item_func.cc
      +++ b/sql/item_func.cc
      @@ -1908,6 +1908,8 @@ longlong Item_func_neg::int_op()
         if (args[0]->unsigned_flag &&
             (ulonglong) value > (ulonglong) LONGLONG_MAX + 1)
           return raise_integer_overflow();
      +  if (!args[0]->unsigned_flag && value == LONGLONG_MIN)
      +    return raise_integer_overflow();
         return check_integer_overflow(-value, !args[0]->unsigned_flag && value < 0);
       }
       

      Attachments

        Activity

          People

            wlad Vladislav Vaintroub
            pivanof Pavel Ivanov
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.