The numeric-formatting code shared by seq and printf (uucore/src/lib/features/format/num_format.rs), plus seq's own equal-width
padding (seq.rs), performs unchecked integer arithmetic on user-controlled precision and exponent values. A near-usize/i64-max precision (from a %.<N> conversion) or an absurd value exponent (e.g. 1e9223372036854775808) makes these expressions overflow.
These are arithmetic overflows - attempt to add/negate/multiply with overflow:
- Under overflow-checks (debug builds, or a release build with
-C overflow-checks=on) each one panics and aborts.
- In a normal release build they wrap (two's-complement). The wrap is the root cause of the user-visible release failures documented elsewhere — a wrapped precision/size then drives a bad allocation (OOM/
capacity overflow), a num-bigint shift, or simply prints a wrong value.
All sites verified on latest main b76d615 (2026-06-29) with an -C overflow-checks=on build. Together they are the broader
picture of the arithmetic-overflow class already reported as #7632.
| # |
site |
op (overflow-checks panic) |
offending expression |
trigger (seq / printf) |
| A |
seq.rs:168 |
attempt to add with overflow |
…num_integral_digits + (precision_value + 1) (equal-width padding) |
seq: seq -w 1e9223372036854775807 1.0e-9223372036854775806 1 |
| B |
num_format.rs:449 |
attempt to add with overflow |
bd_to_string_exp_with_prec(bd, precision + 1) |
seq: seq --format=%.18446744073709551615e 1 |
| C |
num_format.rs:594 |
attempt to negate with overflow |
let exp10 = -p; (negate the decimal exponent) |
seq: seq --format=%a 1e9223372036854775808 1e9223372036854775808 printf: printf '%a' 1e9223372036854775808 |
| D |
num_format.rs:621 |
attempt to add with overflow |
((max_precision + 1) as i64 * 4 - …) + -exp10 * 3 + 1 |
seq: seq -f %.18446744073709551615a 0.5 0.5 (precision term) printf: printf '%a' 1E-9223372036854775000 (exponent term -exp10 * 3) |
| E |
num_format.rs:634 |
attempt to multiply with overflow |
wanted_bits = (BEFORE_BITS + max_precision * 4) as u64 |
seq: seq -f %.18446744073709551615a 1 |
Transcripts (overflow-checks build, latest b76d615)
seq:
$ seq -w 1e9223372036854775807 1.0e-9223372036854775806 1 # A
thread 'main' panicked at src/uu/seq/src/seq.rs:168:13:
attempt to add with overflow
$ seq --format=%.18446744073709551615e 1 # B
thread 'main' panicked at .../format/num_format.rs:449:61:
attempt to add with overflow # precision + 1, precision = usize::MAX
$ seq --format=%a 1e9223372036854775808 1e9223372036854775808 # C
thread 'main' panicked at .../format/num_format.rs:594:17:
attempt to negate with overflow # -p, p = i64::MIN-ish
$ seq -f %.18446744073709551615a 0.5 0.5 # D
thread 'main' panicked at .../format/num_format.rs:621:14:
attempt to add with overflow
$ seq -f %.18446744073709551615a 1 # E
thread 'main' panicked at .../format/num_format.rs:634:38:
attempt to multiply with overflow # max_precision * 4
printf:
$ printf '%a' 1e9223372036854775808 # C
thread 'main' panicked at .../format/num_format.rs:594:17:
attempt to negate with overflow
$ printf '%a' 1E-9223372036854775000 # D
thread 'main' panicked at .../format/num_format.rs:621:78:
attempt to multiply with overflow
The numeric-formatting code shared by
seqandprintf(uucore/src/lib/features/format/num_format.rs), plusseq's own equal-widthpadding (
seq.rs), performs unchecked integer arithmetic on user-controlled precision and exponent values. A near-usize/i64-max precision (from a%.<N>conversion) or an absurd value exponent (e.g.1e9223372036854775808) makes these expressions overflow.These are arithmetic overflows -
attempt to add/negate/multiply with overflow:-C overflow-checks=on) each one panics and aborts.capacity overflow), anum-bigintshift, or simply prints a wrong value.All sites verified on latest
mainb76d615(2026-06-29) with an-C overflow-checks=onbuild. Together they are the broaderpicture of the arithmetic-overflow class already reported as #7632.
seq.rs:168attempt to add with overflow…num_integral_digits + (precision_value + 1)(equal-width padding)seq -w 1e9223372036854775807 1.0e-9223372036854775806 1num_format.rs:449attempt to add with overflowbd_to_string_exp_with_prec(bd, precision + 1)seq --format=%.18446744073709551615e 1num_format.rs:594attempt to negate with overflowlet exp10 = -p;(negate the decimal exponent)seq --format=%a 1e9223372036854775808 1e9223372036854775808printf:
printf '%a' 1e9223372036854775808num_format.rs:621attempt to add with overflow((max_precision + 1) as i64 * 4 - …) + -exp10 * 3 + 1seq -f %.18446744073709551615a 0.5 0.5(precision term)printf:
printf '%a' 1E-9223372036854775000(exponent term-exp10 * 3)num_format.rs:634attempt to multiply with overflowwanted_bits = (BEFORE_BITS + max_precision * 4) as u64seq -f %.18446744073709551615a 1Transcripts (overflow-checks build, latest
b76d615)seq:
printf: