database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-22742 UBSAN: Many overflow issues in strings/decimal.c - runtime error: signed integer overflow: x * y cannot be represented in type 'long long int' (on optimized builds).

Browse Source 
Avoid integer overflow, do the check before the calculation.
This commit is contained in:
Alexey Botchkov
2021-11-22 09:58:46 +04:00
parent f54d6380d2
commit 6277e7df6b
1 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
strings/decimal.c
View File

@@ -1128,13 +1128,21 @@ int decimal2ulonglong(const decimal_t *from, ulonglong *to)
for (intg=from->intg; intg > 0; intg-=DIG_PER_DEC1) for (intg=from->intg; intg > 0; intg-=DIG_PER_DEC1)
{ {
ulonglong y=x; /*
x=x*DIG_BASE + *buf++; Check that the decimal is bigger than any possible integer.
if (unlikely(y > ((ulonglong) ULONGLONG_MAX/DIG_BASE) || x < y)) Do it before we do the x*=DIB_BASE to avoid integer
overflow.
*/
if (unlikely (
x >= ULONGLONG_MAX/DIG_BASE &&
(x > ULONGLONG_MAX/DIG_BASE ||
*buf > (dec1) (ULONGLONG_MAX%DIG_BASE))))
{ {
*to=ULONGLONG_MAX; *to=ULONGLONG_MAX;
return E_DEC_OVERFLOW; return E_DEC_OVERFLOW;
} }
x=x*DIG_BASE + *buf++;
} }
*to=x; *to=x;
for (frac=from->frac; unlikely(frac > 0); frac-=DIG_PER_DEC1) for (frac=from->frac; unlikely(frac > 0); frac-=DIG_PER_DEC1)
@@ -1151,23 +1159,29 @@ int decimal2longlong(const decimal_t *from, longlong *to)
for (intg=from->intg; intg > 0; intg-=DIG_PER_DEC1) for (intg=from->intg; intg > 0; intg-=DIG_PER_DEC1)
{ {
longlong y=x;
/* /*
Check that the decimal is less than any possible integer.
Do it before we do the x*=DIB_BASE to avoid integer
overflow.
Attention: trick! Attention: trick!
we're calculating -|from| instead of |from| here we're calculating -|from| instead of |from| here
because |LONGLONG_MIN| > LONGLONG_MAX because |LONGLONG_MIN| > LONGLONG_MAX
so we can convert -9223372036854775808 correctly so we can convert -9223372036854775808 correctly.
*/ */
x=x*DIG_BASE - *buf++; if (unlikely (
if (unlikely(y < (LONGLONG_MIN/DIG_BASE) || x > y)) x <= LONGLONG_MIN/DIG_BASE &&
(x < LONGLONG_MIN/DIG_BASE ||
*buf > (dec1) (-(LONGLONG_MIN%DIG_BASE)))))
{ {
/* /*
the decimal is bigger than any possible integer the decimal is bigger than any possible integer
return border integer depending on the sign return border integer depending on the sign
*/ */
*to= from->sign ? LONGLONG_MIN : LONGLONG_MAX; *to= from->sign ? LONGLONG_MIN : LONGLONG_MAX;
return E_DEC_OVERFLOW; return E_DEC_OVERFLOW;
} }
x=x*DIG_BASE - *buf++;
} }
/* boundary case: 9223372036854775808 */ /* boundary case: 9223372036854775808 */
if (unlikely(from->sign==0 && x == LONGLONG_MIN)) if (unlikely(from->sign==0 && x == LONGLONG_MIN))