Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.0(EOL), 10.1(EOL)
-
None
Description
PATCH-P1-FIX-UPSTREAM: Suspicious implicit sign extension
|
|
|
Found in Fedora git:
|
http://pkgs.fedoraproject.org/cgit/mariadb.git/tree/
|
|
|
This issue has been found by Coverity - static analysis tool.
|
|
|
mysql-5.5.31/strings/ctype-ucs2.c:1707:sign_extension – Suspicious implicit sign extension: "s[0]" with type "unsigned char" (8 bits, unsigned) is promoted in "(s[0] << 24) + (s[1] << 16) + (s[2] << 8) + s[3]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(s[0] << 24) + (s[1] << 16) + (s[2] << 8) + s[3]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
|
|
|
diff -up mariadb-10.0.15/strings/ctype-ucs2.c.orig mariadb-10.0.15/strings/ctype-ucs2.c
|
--- mariadb-10.0.15/strings/ctype-ucs2.c.orig 2014-11-27 15:14:11.129554529 +0100
|
+++ mariadb-10.0.15/strings/ctype-ucs2.c 2014-11-27 15:13:06.806439653 +0100
|
@@ -1932,7 +1932,7 @@ my_utf32_uni(CHARSET_INFO *cs __attribut
|
{
|
if (s + 4 > e)
|
return MY_CS_TOOSMALL4;
|
- *pwc= (s[0] << 24) + (s[1] << 16) + (s[2] << 8) + (s[3]);
|
+ *pwc= (((my_wc_t)s[0]) << 24) + (s[1] << 16) + (s[2] << 8) + (s[3]);
|
return 4;
|
}
|
Attachments
Issue Links
- is part of
-
-
- Closed
-
- links to
Note: the following test returns unexpected value indeed:
#include <stdio.h>int main(void){unsigned char s[]= { 200, 'b', 'c', 'd' };unsigned long res= (s[0] << 24) + (s[1] << 16) + (s[2] << 8) + (s[3]);printf("res=%lu, sizeof(res)= %lu\n", res, sizeof(res));return 0;}