BUG#31799: Scrambled number output due to integer overflow

An integer overflow in number->string conversion caused completely wrong output of the number LONGLONG_MIN with gcc 4.2.1. Fixed by eliminating the overflow, using only operations that are well-defined in ANSI C.
2025-07-30 16:24:05 +03:00 · 2007-10-31 10:34:26 +01:00
parent 3494f691c1
commit 5dc5fc8292
4 changed files with 56 additions and 40 deletions
--- a/strings/ctype-simple.c
+++ b/strings/ctype-simple.c
@ -837,6 +837,7 @@ int my_long10_to_str_8bit(CHARSET_INFO *cs __attribute__((unused)),
  register char *p, *e;
  long int new_val;
  uint sign=0;
+  unsigned long int uval = (unsigned long int) val;

  e = p = &buffer[sizeof(buffer)-1];
  *p= 0;
@ -845,15 +846,16 @@ int my_long10_to_str_8bit(CHARSET_INFO *cs __attribute__((unused)),
  {
    if (val < 0)
    {
-      val= -val;
+      /* Avoid integer overflow in (-val) for LONGLONG_MIN (BUG#31799). */
+      uval= (unsigned long int)0 - uval;
      *dst++= '-';
      len--;
      sign= 1;
    }
  }
  
-  new_val = (long) ((unsigned long int) val / 10);
-  *--p    = '0'+ (char) ((unsigned long int) val - (unsigned long) new_val * 10);
+  new_val = (long) (uval / 10);
+  *--p    = '0'+ (char) (uval - (unsigned long) new_val * 10);
  val     = new_val;
  
  while (val != 0)
@ -876,12 +878,14 @@ int my_longlong10_to_str_8bit(CHARSET_INFO *cs __attribute__((unused)),
  register char *p, *e;
  long long_val;
  uint sign= 0;
+  ulonglong uval = (ulonglong)val;
  
  if (radix < 0)
  {
    if (val < 0)
    {
-      val = -val;
+      /* Avoid integer overflow in (-val) for LONGLONG_MIN (BUG#31799). */
+      uval = (ulonglong)0 - uval;
      *dst++= '-';
      len--;
      sign= 1;
@ -891,22 +895,22 @@ int my_longlong10_to_str_8bit(CHARSET_INFO *cs __attribute__((unused)),
  e = p = &buffer[sizeof(buffer)-1];
  *p= 0;
  
-  if (val == 0)
+  if (uval == 0)
  {
    *--p= '0';
    len= 1;
    goto cnv;
  }
  
-  while ((ulonglong) val > (ulonglong) LONG_MAX)
+  while (uval > (ulonglong) LONG_MAX)
  {
-    ulonglong quo=(ulonglong) val/(uint) 10;
-    uint rem= (uint) (val- quo* (uint) 10);
+    ulonglong quo= uval/(uint) 10;
+    uint rem= (uint) (uval- quo* (uint) 10);
    *--p = '0' + rem;
-    val= quo;
+    uval= quo;
  }
  
-  long_val= (long) val;
+  long_val= (long) uval;
  while (long_val != 0)
  {
    long quo= long_val/10;