[MDEV-30932] UBSAN: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in Item_func_mul::int_op and Item_func_round::int_op Created: 2023-03-27  Updated: 2023-07-19  Resolved: 2023-06-29

Status: Closed
Project: MariaDB Server
Component/s: Data types
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0, 11.1
Fix Version/s: 10.8.8, 10.4.31, 10.5.22, 10.6.15, 10.9.8, 10.10.6, 10.11.5

Type: Bug Priority: Critical
Reporter: Roel Van de Paar Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: UBSAN, affects-tests

Issue Links:
Relates
relates to MDEV-30931 UBSAN: negation of -X cannot be repre... Confirmed

 Description   

Similar to MDEV-30931 but in a different function

SELECT (1 DIV(-1/POW(807,14))*1);

Leads to:

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug)

 
/test/11.0_dbg_san/sql/item_func.cc:1413:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
 
/test/11.0_dbg_san/sql/item_func.cc:1444:8: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug)

 
Version: '11.0.2-MariaDB-debug'  socket: '/test/UBASAN_MD250323-mariadb-11.0.2-linux-x86_64-dbg/socket.sock'  port: 11466  MariaDB Server
 
2023-03-27 17:40:58 0 [Note] InnoDB: Buffer pool(s) load completed at 230327 17:40:58
 
/test/11.0_dbg_san/sql/item_func.cc:1413:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
 
    #0 0x5558202d2602 in Item_func_mul::int_op() /test/11.0_dbg_san/sql/item_func.cc:1413
 
    #1 0x55581f470eb8 in Item_func_hybrid_field_type::val_int_from_int_op() /test/11.0_dbg_san/sql/item_func.h:849
 
    #2 0x55581f470eb8 in Type_handler_int_result::Item_func_hybrid_field_type_val_int(Item_func_hybrid_field_type*) const /test/11.0_dbg_san/sql/sql_type.cc:5406
 
    #3 0x55581e531687 in Item_func_hybrid_field_type::val_int() /test/11.0_dbg_san/sql/item_func.h:905
 
    #4 0x55581f522764 in Type_handler::Item_send_long(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7479
 
    #5 0x55581f58a9a2 in Type_handler_long::Item_send(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5696
 
    #6 0x55581dd1359c in Item::send(Protocol*, st_value*) /test/11.0_dbg_san/sql/item.h:1235
 
    #7 0x55581decf05c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
 
    #8 0x55581e2989ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
 
    #9 0x55581ea0fb03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
 
    #10 0x55581ea0fb03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761
 
    #11 0x55581ea1657a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672
 
    #12 0x55581ea04d38 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_dbg_san/sql/sql_select.cc:5153
 
    #13 0x55581ea09193 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611
 
    #14 0x55581e588973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267
 
    #15 0x55581e5e9cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
 
    #16 0x55581e6195e6 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
 
    #17 0x55581e62937a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
 
    #18 0x55581e63717f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
 
    #19 0x55581effb459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
 
    #20 0x55581effc974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
 
    #21 0x14e883c42b42 in start_thread nptl/pthread_create.c:442
 
    #22 0x14e883cd49ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
 
 
 
/test/11.0_dbg_san/sql/item_func.cc:1444:8: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
 
    #0 0x5558202d269d in Item_func_mul::int_op() /test/11.0_dbg_san/sql/item_func.cc:1444
 
    #1 0x55581f470eb8 in Item_func_hybrid_field_type::val_int_from_int_op() /test/11.0_dbg_san/sql/item_func.h:849
 
    #2 0x55581f470eb8 in Type_handler_int_result::Item_func_hybrid_field_type_val_int(Item_func_hybrid_field_type*) const /test/11.0_dbg_san/sql/sql_type.cc:5406
 
    #3 0x55581e531687 in Item_func_hybrid_field_type::val_int() /test/11.0_dbg_san/sql/item_func.h:905
 
    #4 0x55581f522764 in Type_handler::Item_send_long(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7479
 
    #5 0x55581f58a9a2 in Type_handler_long::Item_send(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5696
 
    #6 0x55581dd1359c in Item::send(Protocol*, st_value*) /test/11.0_dbg_san/sql/item.h:1235
 
    #7 0x55581decf05c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
 
    #8 0x55581e2989ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
 
    #9 0x55581ea0fb03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
 
    #10 0x55581ea0fb03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761
 
    #11 0x55581ea1657a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672
 
    #12 0x55581ea04d38 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_dbg_san/sql/sql_select.cc:5153
 
    #13 0x55581ea09193 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611
 
    #14 0x55581e588973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267
 
    #15 0x55581e5e9cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
 
    #16 0x55581e6195e6 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
 
    #17 0x55581e62937a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
 
    #18 0x55581e63717f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
 
    #19 0x55581effb459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
 
    #20 0x55581effc974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
 
    #21 0x14e883c42b42 in start_thread nptl/pthread_create.c:442
 
    #22 0x14e883cd49ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:
 
    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
 
Set before execution:
 
    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.3.39 (dbg), 10.3.39 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt), 11.0.2 (dbg), 11.0.2 (opt)

 Comments   
Comment by Roel Van de Paar [ 2023-03-29 ]

This testcase has the same stack on debug, but a different stack on optimized builds.

DO((-9223372036854775808)*(1));

Leads to:

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Optimized)

 
/test/11.0_opt_san/sql/item_func.cc:1413:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
 
/test/11.0_opt_san/sql/item_func.cc:1444:8: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Optimized)

 
/test/11.0_opt_san/sql/item_func.cc:1413:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
 
    #0 0x56511998d3c9 in Item_func_mul::int_op() /test/11.0_opt_san/sql/item_func.cc:1413
 
    #1 0x565117892f42 in Item_func::is_null() /test/11.0_opt_san/sql/item_func.h:176
 
    #2 0x56511a2f8791 in mysql_do(THD*, List<Item>&) /test/11.0_opt_san/sql/sql_do.cc:35
 
    #3 0x565117faef10 in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:3978
 
    #4 0x565117fcb322 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:7999
 
    #5 0x565117fd8fad in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894
 
    #6 0x565117fe2718 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407
 
    #7 0x5651188e3c2c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
 
    #8 0x5651188e622c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
 
    #9 0x14cb97c6ab42 in start_thread nptl/pthread_create.c:442
 
    #10 0x14cb97cfc9ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
 
 
 
/test/11.0_opt_san/sql/item_func.cc:1444:8: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
 
    #0 0x56511998d3e2 in Item_func_mul::int_op() /test/11.0_opt_san/sql/item_func.cc:1444
 
    #1 0x565117892f42 in Item_func::is_null() /test/11.0_opt_san/sql/item_func.h:176
 
    #2 0x56511a2f8791 in mysql_do(THD*, List<Item>&) /test/11.0_opt_san/sql/sql_do.cc:35
 
    #3 0x565117faef10 in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:3978
 
    #4 0x565117fcb322 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:7999
 
    #5 0x565117fd8fad in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894
 
    #6 0x565117fe2718 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407
 
    #7 0x5651188e3c2c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
 
    #8 0x5651188e622c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
 
    #9 0x14cb97c6ab42 in start_thread nptl/pthread_create.c:442
 
    #10 0x14cb97cfc9ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Bug confirmed present in:
MariaDB: 10.3.39 (dbg), 10.3.39 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt), 11.0.2 (dbg), 11.0.2 (opt)

All UniqueID's seen with this testcases including two new ones (the first two):

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mul::int_op|Item::update_null_value|Item_func::is_null|mysql_do
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mul::int_op|Item_func::is_null|mysql_do|mysql_execute_command
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mul::int_op|Item_func_hybrid_field_type::val_int_from_int_op|Type_handler_int_result::Item_func_hybrid_field_type_val_int|Item_func_hybrid_field_type::val_int

Comment by Roel Van de Paar [ 2023-03-31 ]

Three additional stacks can be observed with this testcase

SELECT (GET_FORMAT(TIME,'JIS'))DIV(POW(-40,65)DIV(1)*2);

Leads to the following stacks/UniqueID's:

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mul::int_op|Item_func_hybrid_field_type::val_decimal_from_int_op|Item_func_int_div::val_int|Type_handler::Item_send_longlong
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mul::int_op|Item_func_hybrid_field_type::val_decimal_from_int_op|Type_handler_int_result::Item_func_hybrid_field_type_val_decimal|Item_func_hybrid_field_type::val_decimal
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mul::int_op|Item_func_hybrid_field_type::val_decimal_from_int_op|VDec::set|VDec2_lazy::VDec2_lazy

Across versions and build types

Comment by Roel Van de Paar [ 2023-04-24 ]

Another testcase which has a previously seen stack on debug, but a different stack on optimized builds:

SET SESSION div_precision_increment=2;
 
SELECT (EXP(100) DIV -0.05*1);

Leads to the following stacks/UniqueID's:

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mul::int_op|Item_func_hybrid_field_type::val_int_from_int_op|Type_handler_int_result::Item_func_hybrid_field_type_val_int|Item_func_hybrid_field_type::val_int
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mul::int_op|Type_handler::Item_send_longlong|Protocol::send_result_set_row|select_send::send_data

Across versions and build types. The second one is new.
Interestingly, the *1 in the testcase looks to be required.

Comment by Roel Van de Paar [ 2023-05-09 ]

This testcase:

SELECT -9223372036854775808 MOD 9223372036854775810;

Gives the following additional stacks/UniqueID's:

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mod::int_op|Item_func_hybrid_field_type::val_int_from_int_op|Type_handler_int_result::Item_func_hybrid_field_type_val_int|Item_func_hybrid_field_type::val_int
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_mod::int_op|Type_handler::Item_send_longlong|Protocol::send_result_set_row|select_send::send_data

Across versions and build types. Both are new.

Comment by Roel Van de Paar [ 2023-06-15 ]

Another testcase which leads to new stacks

CREATE TABLE t(c INT);
 
INSERT INTO t VALUES(TRUNCATE(0,-1.e+30));

Gives the following stacks/UniqueID's:

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_round::int_op|Item::save_int_in_field|Item::save_in_field|fill_record
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_round::int_op|Item_func_hybrid_field_type::val_int_from_int_op|Type_handler_int_result::Item_func_hybrid_field_type_val_int|Item_func_hybrid_field_type::val_int

Across versions and build types. Both are new.

Comment by Roel Van de Paar [ 2023-06-15 ]

Another testcase which leads to new stacks

SELECT GET_FORMAT(TIME,'JIS') DIV ATAN (TRUNCATE (0,'2000000000000000' DIV SIN(1500)*NOW(5)));

Gives the following stacks/UniqueID's:

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_round::int_op|Item_func_hybrid_field_type::val_real_from_int_op|Item_func_atan::val_real|Item_real_func::val_decimal
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_round::int_op|Item_func_hybrid_field_type::val_real_from_int_op|Type_handler_int_result::Item_func_hybrid_field_type_val_real|Item_func_hybrid_field_type::val_real

Across versions and build types. Both are new.

Comment by Roel Van de Paar [ 2023-06-15 ]

Note: the last two testcases are in Item_func_round::int_op rather than in Item_func_mul::int_op

Comment by Roel Van de Paar [ 2023-06-15 ]

This variation to the last testcase above

SELECT (GET_FORMAT(TIME,'JIS') DIV ATAN (TRUNCATE (0,'2000000000000000' DIV SIN(1500)*NOW(5))/ROUND(-1)))DIV(-1-LOG2(1))-(-1*POWER(-1,0));

Gives the following stacks/UniqueID's:

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_round::int_op|Item_func_hybrid_field_type::val_decimal_from_int_op|Type_handler_int_result::Item_func_hybrid_field_type_val_decimal|Item_func_hybrid_field_type::val_decimal
 
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|Item_func_round::int_op|Item_func_hybrid_field_type::val_decimal_from_int_op|VDec::VDec|VDec2_lazy::VDec2_lazy

Across versions and build types. Both are new.

Comment by Alexander Barkov [ 2023-06-28 ]

Changed Priority to Critical, as according to Roel, it keeps popping up in new forms and terminates various SAN tests.

Comment by Roel Van de Paar [ 2023-06-28 ]

MTR testcase which shows the issue on 10.6. Note that 10.4 have other startup SAN issues so MTR pre-fails on those.

--error ER_DATA_OUT_OF_RANGE
 
SELECT (1 DIV(-1/POW(807,14))*1);

Leads to:

10.6.14 c271057288f71746d1816824f338f2d9c47f67c1 (Debug, UBASAN)

 
main.test                                [ fail ]  Found warnings/errors in server log file!
 
        Test ended at 2023-06-28 12:10:30
 
line
 
/test/10.6_dbg_san/sql/item_func.cc:1407:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
 
/test/10.6_dbg_san/sql/item_func.cc:1438:8: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
 
^ Found warnings in /test/UBASAN_MD120523-mariadb-10.6.14-linux-x86_64-dbg/mysql-test/var/log/mysqld.1.err

Comment by Roel Van de Paar [ 2023-06-28 ]

Two problem lines highlighted

10.6 c271057288f71746d1816824f338f2d9c47f67c1 (Source)

 
 /*
 
    First check whether the result can be represented as a
 
    (bool unsigned_flag, longlong value) pair, then check if it is compatible
 
    with this Item's unsigned_flag by calling check_integer_overflow().
 
 
 
    Let a = a1 * 2^32 + a0 and b = b1 * 2^32 + b0. Then
 
    a * b = (a1 * 2^32 + a0) * (b1 * 2^32 + b0) = a1 * b1 * 2^64 +
 
            + (a1 * b0 + a0 * b1) * 2^32 + a0 * b0;
 
    We can determine if the above sum overflows the ulonglong range by
 
    sequentially checking the following conditions:
 
    1. If both a1 and b1 are non-zero.
 
    2. Otherwise, if (a1 * b0 + a0 * b1) is greater than ULONG_MAX.
 
    3. Otherwise, if (a1 * b0 + a0 * b1) * 2^32 + a0 * b0 is greater than
 
    ULONGLONG_MAX.
 
 
 
    Since we also have to take the unsigned_flag for a and b into account,
 
    it is easier to first work with absolute values and set the
 
    correct sign later.
 
  */
 
  if (!args[0]->unsigned_flag && a < 0)
 
  {
 
    a_negative= TRUE;
 
    a= -a;                                           # <<<<<<<< Line 1407
 
  }
 
  if (!args[1]->unsigned_flag && b < 0)
 
  {
 
    b_negative= TRUE;
 
    b= -b;  }
 
 
 
  a0= 0xFFFFFFFFUL & a;
 
  a1= ((ulonglong) a) >> 32;
 
  b0= 0xFFFFFFFFUL & b;
 
  b1= ((ulonglong) b) >> 32;
 
 
 
  if (a1 && b1)
 
    goto err;
 
 
 
  res1= (ulonglong) a1 * b0 + (ulonglong) a0 * b1;
 
  if (res1 > 0xFFFFFFFFUL)
 
    goto err;
 
 
 
  res1= res1 << 32;
 
  res0= (ulonglong) a0 * b0;
 
 
 
  if (test_if_sum_overflows_ull(res1, res0))
 
    goto err;
 
  res= res1 + res0;
 
 
 
  if (a_negative != b_negative)
 
  {
 
    if ((ulonglong) res > (ulonglong) LONGLONG_MIN + 1)
 
      goto err;
 
    res= -res;                                           # <<<<<<<< Line 1438
 
  }
 
  else
 
    res_unsigned= TRUE;

Generated at Thu Feb 08 10:19:59 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.