Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

validator/val_sigcrypt.c:1346:10: runtime error: signed integer overflow: -823674496 - 1513296000 cannot be represented in type 'int' #170

Closed
noloader opened this issue Feb 27, 2020 · 2 comments

Comments

@noloader
Copy link
Contributor

noloader commented Feb 27, 2020

Hi Everyone,

I'm working from master and using instrumented builds. Building on Ubuntu 18.04 with UBsan. Running make test results in:

test signature verify:./testdata/test_signatures.9
validator/val_sigcrypt.c:1346:10: runtime error: signed integer overflow: -823674496 - 1513296000 cannot be represented in type 'int'
Makefile:316: recipe for target 'test' failed

You can setup the test rig by exporting CFLAGS with UBsan enabled:

$ git clone https://github.com/NLnetLabs/unbound.git
$ cd unbound
$ export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover"
$ ./make-master.sh
...
$ make test
...
@wcawijngaards
Copy link
Member

Fixed in 57bbbfc . Thanks for the report!

It is a false positive, but the casts signal this. The serial number arithmetic is defined in RFC1982, if you are curious. This is how RRSIG signature expiry is signalled on the wire. 32bit, but relative to the current time, sort of, without needing 64bit for 2038.

@wcawijngaards
Copy link
Member

Fixed in 57bbbfc . Thanks for the report!

It is a false positive, but the casts signal this. The serial number arithmetic is defined in RFC1982, if you are curious. This is how RRSIG signature expiry is signalled on the wire. 32bit, but relative to the current time, sort of, without needing 64bit for 2038.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants