-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
runtime error: shift exponent -2 is negative (toke.c:10966:54) #16114
Comments
From @geeknikWhile fuzzing v5.27.2-135-g7aaa36b196*, undefined-behavior was triggered in ./perl -e '03000000000000000000.0' toke.c:10966:54: runtime error: shift exponent -2 is negative SUMMARY: AddressSanitizer: undefined-behavior toke.c:10966:54 |
From @tonycozOn Mon, 14 Aug 2017 00:02:53 -0700, brian.carpenter@gmail.com wrote:
Similarly for ./miniperl -e '0x030000000000000.0' The attached seems to fix it, but it would be nice if jhi took a look at it. It seems wrong to me that this code is entered for your original octal case. Tony |
From @tonycoz0001-perl-131894-don-t-shift-by-a-negative-value-in-C.patchFrom 86c0a707c9b01b8506f5a171fc05a7cb3acaf651 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Tue, 15 Aug 2017 11:18:39 +1000
Subject: (perl #131894) don't shift by a negative value in C
---
t/op/hexfp.t | 9 ++++++++-
toke.c | 2 +-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/t/op/hexfp.t b/t/op/hexfp.t
index 29378f2..a3529e4 100644
--- a/t/op/hexfp.t
+++ b/t/op/hexfp.t
@@ -10,7 +10,7 @@ use strict;
use Config;
-plan(tests => 109);
+plan(tests => 110);
# Test hexfloat literals.
@@ -255,6 +255,13 @@ SKIP: {
is(0x1p-16445, 3.6451995318824746e-4951);
}
+SKIP: {
+ skip("non-64-bit NVs", 1)
+ unless $Config{nvsize} == 8 && $Config{d_double_style_ieee};
+ fresh_perl_is('printf qq(%a\n), 0x030000000000000.1p0', '0x1.8p+53', { stderr => 1 },
+ "ASAN undefined error parsing the first");
+}
+
# sprintf %a/%A testing is done in sprintf2.t,
# trickier than necessary because of long doubles,
# and because looseness of the spec.
diff --git a/toke.c b/toke.c
index 6de7d09..c6c78df 100644
--- a/toke.c
+++ b/toke.c
@@ -10953,7 +10953,7 @@ Perl_scan_num(pTHX_ const char *start, YYSTYPE* lvalp)
hexfp_uquad <<= shift;
hexfp_uquad |= b;
hexfp_frac_bits += shift;
- } else {
+ } else if (significant_bits - shift < NV_MANT_DIG) {
/* We are at a hexdigit either at,
* or straddling, the edge of mantissa.
* We will try grabbing as many as
--
2.1.4
|
The RT System itself - Status changed from 'new' to 'open' |
From @jhiOn Tuesday-201708-15 4:21, Tony Cook via RT wrote:
Looks good to me, with the following nits. If you apply this to the blead I can smoke in my "private cloud" which
Yeah, that does smell wrong. We shouldn't be doing hexfp scanning Though, the icky part about the hexfp syntax is though that we don't Relatedly: I remember there being a known "loophole" so that the ./miniperl -wle 'print 0b11.1p0' This is probably not documented anywhere. I can't now think of the |
From @tonycozOn Wed, Aug 16, 2017 at 09:41:32AM +0300, Jarkko Hietaniemi wrote:
And fixed, since it accepts hex digits after the tony@mars:.../git/perl$ ./perl -wle 'print 0b11.01p0' Tony |
From @tonycozOn Wed, 16 Aug 2017 01:35:08 -0700, tonyc wrote:
Per the attached. Tony |
From @tonycoz0001-perl-131894-limit-the-digits-after-the-decimal-for-b.patchFrom c425976fc53a8129872836f887ea5da3f3e71952 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Tue, 5 Sep 2017 15:26:41 +1000
Subject: (perl #131894) limit the digits after the "decimal" for bin/oct fp
---
t/lib/croak/toke | 18 ++++++++++++++++++
t/op/hexfp.t | 16 +++++++++++++++-
toke.c | 6 ++++--
3 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/t/lib/croak/toke b/t/lib/croak/toke
index c477be0..3b11ced 100644
--- a/t/lib/croak/toke
+++ b/t/lib/croak/toke
@@ -404,3 +404,21 @@ Number found where operator expected at - line 1, near "--5"
(Missing operator before 5?)
syntax error at - line 1, near "1e"
Execution of - aborted due to compilation errors.
+########
+# NAME octal fp with non-octal digits after the decimal point
+01.1234567p0;
+07.8p0;
+EXPECT
+Bareword found where operator expected at - line 2, near "8p0"
+ (Missing operator before p0?)
+syntax error at - line 2, near "8p0"
+Execution of - aborted due to compilation errors.
+########
+# NAME binary fp with non-binary digits after the decimal point
+0b1.10p0;
+0b1.2p0;
+EXPECT
+Bareword found where operator expected at - line 2, near "2p0"
+ (Missing operator before p0?)
+syntax error at - line 2, near "2p0"
+Execution of - aborted due to compilation errors.
diff --git a/t/op/hexfp.t b/t/op/hexfp.t
index a3529e4..efe908c 100644
--- a/t/op/hexfp.t
+++ b/t/op/hexfp.t
@@ -10,7 +10,7 @@ use strict;
use Config;
-plan(tests => 110);
+plan(tests => 121);
# Test hexfloat literals.
@@ -262,6 +262,20 @@ SKIP: {
"ASAN undefined error parsing the first");
}
+# the implementation also allow for octal and binary fp
+is(01p0, 1);
+is(01.0p0, 1);
+is(01.00p0, 1);
+is(010.1p0, 8.125);
+is(00.400p1, 1);
+is(00p0, 0);
+is(01.1p0, 1.125);
+
+is(0b0p0, 0);
+is(0b1p0, 1);
+is(0b10p0, 2);
+is(0b1.1p0, 1.5);
+
# sprintf %a/%A testing is done in sprintf2.t,
# trickier than necessary because of long doubles,
# and because looseness of the spec.
diff --git a/toke.c b/toke.c
index 84dce75..c98813b 100644
--- a/toke.c
+++ b/toke.c
@@ -10978,9 +10978,11 @@ Perl_scan_num(pTHX_ const char *start, YYSTYPE* lvalp)
NV nv_mult = 1.0;
#endif
bool accumulate = TRUE;
- for (h++; (isXDIGIT(*h) || *h == '_'); h++) {
+ U8 b;
+ int lim = 1 << shift;
+ for (h++; ((isXDIGIT(*h) && (b = XDIGIT_VALUE(*h)) < lim) ||
+ *h == '_'); h++) {
if (isXDIGIT(*h)) {
- U8 b = XDIGIT_VALUE(*h);
significant_bits += shift;
#ifdef HEXFP_UQUAD
if (accumulate) {
--
2.1.4
|
From zefram@fysh.orgI have applied Tony's patches, with revised test cases for the -zefram |
@cpansprout - Status changed from 'open' to 'pending release' |
From @khwilliamsonThank you for filing this report. You have helped make Perl better. With the release yesterday of Perl 5.28.0, this and 185 other issues have been Perl 5.28.0 may be downloaded via: If you find that the problem persists, feel free to reopen this ticket. |
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#131894 (status was 'resolved')
Searchable as RT131894$
The text was updated successfully, but these errors were encountered: