-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 10.1, 10.0
-
Component/s: Character Sets
-
Labels:None
PATCH-P1-FIX-UPSTREAM: Suspicious implicit sign extension
|
|
|
Found in Fedora git:
|
http://pkgs.fedoraproject.org/cgit/mariadb.git/tree/
|
|
|
This issue has been found by Coverity - static analysis tool.
|
|
|
mysql-5.5.31/strings/ctype-ucs2.c:1707:sign_extension – Suspicious implicit sign extension: "s[0]" with type "unsigned char" (8 bits, unsigned) is promoted in "(s[0] << 24) + (s[1] << 16) + (s[2] << 8) + s[3]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(s[0] << 24) + (s[1] << 16) + (s[2] << 8) + s[3]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
|
|
|
diff -up mariadb-10.0.15/strings/ctype-ucs2.c.orig mariadb-10.0.15/strings/ctype-ucs2.c
|
--- mariadb-10.0.15/strings/ctype-ucs2.c.orig 2014-11-27 15:14:11.129554529 +0100
|
+++ mariadb-10.0.15/strings/ctype-ucs2.c 2014-11-27 15:13:06.806439653 +0100
|
@@ -1932,7 +1932,7 @@ my_utf32_uni(CHARSET_INFO *cs __attribut
|
{
|
if (s + 4 > e)
|
return MY_CS_TOOSMALL4;
|
- *pwc= (s[0] << 24) + (s[1] << 16) + (s[2] << 8) + (s[3]);
|
+ *pwc= (((my_wc_t)s[0]) << 24) + (s[1] << 16) + (s[2] << 8) + (s[3]);
|
return 4;
|
}
|
- is part of
-
-
- Stalled
-
- links to