-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix overflow problem in brace expansion of ranges with increment
Example reproducer: $ echo {1696512000..1696512000..300} | wc -w 47722 Expected output: 1. Only 1 number (1696512000) should be generated. Analysis: The issue is a 32-bit integer overflow in path_generate(): src/cmd/ksh93/sh/expand.c: 250: int first = 0, last = 0, incr = 0, count = 0; [...] 408: if(incr*(first+incr) > last*incr) Line 408 has an inherent overflow problem due to the multiplication by incr. In the reproducer, 1696512000 * 300 well exceeds INT_MAX. This bug has been present since the range feature was introduced in ksh 93q+ 2005-05-22 and survives in every ksh version since. You'd think that line 408 can be simplified to: if(first+incr > last) However, that doesn't work because incr may be negative. With the too-clever-by-half multiplication eliminated, the comparison operator (>) will now also need to adapt to the negativity of incr. src/cmd/ksh93/sh/expand.c: path_generate(): - Fix range brace expansion to check first + incr < last if incr < 0, or first + incr > last otherwise. src/cmd/ksh93/sh.1: - Formatting fixes. - Document that n1, n2 and n3 are limited to INT_MIN...INT_MAX and that exceeding this range produces undefined behaviour. Thanks to Robert W. Mills (@rwmills) for the bug report. Resolves: #738
- Loading branch information
Showing
5 changed files
with
27 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters