Skip to content

Arithmetic overflows in seq/printf numeric formatting (unchecked precision & exponent math) #13221

Description

@leeewee

The numeric-formatting code shared by seq and printf (uucore/src/lib/features/format/num_format.rs), plus seq's own equal-width
padding (seq.rs), performs unchecked integer arithmetic on user-controlled precision and exponent values. A near-usize/i64-max precision (from a %.<N> conversion) or an absurd value exponent (e.g. 1e9223372036854775808) makes these expressions overflow.

These are arithmetic overflows - attempt to add/negate/multiply with overflow:

  • Under overflow-checks (debug builds, or a release build with -C overflow-checks=on) each one panics and aborts.
  • In a normal release build they wrap (two's-complement). The wrap is the root cause of the user-visible release failures documented elsewhere — a wrapped precision/size then drives a bad allocation (OOM/capacity overflow), a num-bigint shift, or simply prints a wrong value.

All sites verified on latest main b76d615 (2026-06-29) with an -C overflow-checks=on build. Together they are the broader
picture of the arithmetic-overflow class already reported as #7632.

# site op (overflow-checks panic) offending expression trigger (seq / printf)
A seq.rs:168 attempt to add with overflow …num_integral_digits + (precision_value + 1) (equal-width padding) seq: seq -w 1e9223372036854775807 1.0e-9223372036854775806 1
B num_format.rs:449 attempt to add with overflow bd_to_string_exp_with_prec(bd, precision + 1) seq: seq --format=%.18446744073709551615e 1
C num_format.rs:594 attempt to negate with overflow let exp10 = -p; (negate the decimal exponent) seq: seq --format=%a 1e9223372036854775808 1e9223372036854775808
printf: printf '%a' 1e9223372036854775808
D num_format.rs:621 attempt to add with overflow ((max_precision + 1) as i64 * 4 - …) + -exp10 * 3 + 1 seq: seq -f %.18446744073709551615a 0.5 0.5 (precision term)
printf: printf '%a' 1E-9223372036854775000 (exponent term -exp10 * 3)
E num_format.rs:634 attempt to multiply with overflow wanted_bits = (BEFORE_BITS + max_precision * 4) as u64 seq: seq -f %.18446744073709551615a 1

Transcripts (overflow-checks build, latest b76d615)

seq:

$ seq -w 1e9223372036854775807 1.0e-9223372036854775806 1          # A
thread 'main' panicked at src/uu/seq/src/seq.rs:168:13:
attempt to add with overflow

$ seq --format=%.18446744073709551615e 1                           # B
thread 'main' panicked at .../format/num_format.rs:449:61:
attempt to add with overflow                       # precision + 1, precision = usize::MAX

$ seq --format=%a 1e9223372036854775808 1e9223372036854775808      # C
thread 'main' panicked at .../format/num_format.rs:594:17:
attempt to negate with overflow                    # -p, p = i64::MIN-ish

$ seq -f %.18446744073709551615a 0.5 0.5                           # D 
thread 'main' panicked at .../format/num_format.rs:621:14:
attempt to add with overflow

$ seq -f %.18446744073709551615a 1                                 # E
thread 'main' panicked at .../format/num_format.rs:634:38:
attempt to multiply with overflow                  # max_precision * 4

printf:

$ printf '%a' 1e9223372036854775808                                # C
thread 'main' panicked at .../format/num_format.rs:594:17:
attempt to negate with overflow

$ printf '%a' 1E-9223372036854775000                               # D 
thread 'main' panicked at .../format/num_format.rs:621:78:
attempt to multiply with overflow

Metadata

Metadata

Assignees

No one assigned

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions