Opened 6 hours ago
#1846 new defect
integer overflow when running 6.0.0pre1 tests (1)
| Reported by: | zerica | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | someday |
| Component: | core libraries | Version: | 6.0.0 |
| Keywords: | | Cc: | |
| Estimated difficulty: | trivial | | |
Description
I'm building CHICKEN with the clang integer UB sanitizers, which trap here:

```
cd tests; sh runtests.sh
========================================
repository search path ...
Illegal instruction (core dumped)
make: *** [rules.make:1017: check] Error 132
```

```
* thread #1, name = 'csi', stop reason = signal SIGILL: illegal operand
  * frame #0: 0x0000713d2cf78f30 libchicken.so.12`C_new_symbol_table [inlined] C_fast_rand at runtime.c:678:18
    frame #1: 0x0000713d2cf78f30 libchicken.so.12`C_new_symbol_table(name="", size=749) at runtime.c:1066:15
    frame #2: 0x0000713d2cf78494 libchicken.so.12`CHICKEN_initialize(heap=1048576, stack=1048576, symbols=2999, toplevel=0x00006447c8247f60) at runtime.c:732:19
    frame #3: 0x0000713d2cf77faa libchicken.so.12`CHICKEN_main(argc=<unavailable>, argv=<unavailable>, toplevel=0x00006447c8247f60) at runtime.c:624:7
    frame #4: 0x00006447c8247f4c csi`main(argc=<unavailable>, argv=<unavailable>) at csi.c:14957:1 [artificial]
    frame #5: 0x0000713d3141dc1d ld-musl-x86_64.so.1`libc_start_main_stage2(main=(csi`main at csi.c:14957), argc=<unavailable>, argv=0x00007ffc201673a8) at __libc_start_main.c:95:7
    frame #6: 0x00006447c8247e76 csi`_start + 22
```
The offending code is:

```c
/* simple linear congruential PRNG, to avoid OpenBSD warnings.
   https://stackoverflow.com/questions/26237419/faster-than-rand */
static int g_seed;

void C_fast_srand(int seed)
{
  g_seed = seed;
}

/* Output value in range [0, 32767] */
int C_fast_rand(void)
{
  g_seed = (214013*g_seed+2531011);
  return (g_seed>>16)&0x7FFF;
}
```

which is unsound, since `g_seed` is signed and as such its overflow behavior is undefined and can't be relied on to wrap. The following patch replaces it with an unsigned type, which is instead defined to wrap on overflow:
diff -ruN a/runtime.c b/runtime.c --- a/runtime.c 2024-12-09 09:22:07.000000000 +0100 +++ b/runtime.c 2024-12-18 12:52:42.250955391 +0100 @@ -668,7 +668,7 @@ https://stackoverflow.com/questions/26237419/faster-than-rand */ -static int g_seed; +static unsigned g_seed; void C_fast_srand(int seed) { g_seed = seed; }
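Review bot: the one-line change is sufficient to remove the undefined behaviour, because once `g_seed` is `unsigned` the `214013*g_seed+2531011` in `C_fast_rand` is evaluated in unsigned arithmetic (the `int` constants convert to `unsigned`) and reduces modulo 2^N as the standard guarantees; `C_fast_srand(int seed) { g_seed = seed; }` is left storing a signed value, which is well defined (also modulo 2^N) but reads inconsistently, so consider making the parameter `unsigned seed` in the same patch. The unchanged `return (g_seed>>16)&0x7FFF;` stays correct since the masked value always fits the `int` return type.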
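The following is an added stand-alone example (not CHICKEN's code) of the hardened LCG from the patch, with a diagnostic that evaluates the original signed formula in 64-bit arithmetic to count how many steps of a run would have overflowed `int`; the function names `fast_srand`, `fast_rand`, `signed_step_overflows` and `overflowing_steps` are assumptions for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hardened form of the LCG from the ticket: the state is unsigned, so the
 * multiply-add wraps modulo 2^32 (C11 6.2.5p9) instead of being undefined.
 * Names in this file are hypothetical, not the runtime's own. */
static uint32_t fast_seed;

void fast_srand(uint32_t seed) { fast_seed = seed; }

/* Output value in range [0, 32767]; same constants as the original. */
int fast_rand(void) {
    fast_seed = (uint32_t)(214013u * fast_seed + 2531011u);
    return (int)((fast_seed >> 16) & 0x7FFFu);
}

/* Diagnostic: would the original `int` formula overflow for this state?
 * Evaluated in 64-bit arithmetic so the check itself is well defined. */
bool signed_step_overflows(int32_t seed) {
    int64_t v = (int64_t)214013 * seed + 2531011;
    return v > INT32_MAX || v < INT32_MIN;
}

/* Reinterpret the 32-bit state as the two's-complement value the signed
 * version would hold, i.e. the operand the sanitizer sees at the trap. */
static int32_t as_signed(uint32_t s) {
    return s > (uint32_t)INT32_MAX ? (int32_t)((int64_t)s - 4294967296LL)
                                   : (int32_t)s;
}

/* Count how many of the first n steps from `seed` would trap under a
 * signed-integer-overflow sanitizer with the original `int g_seed`. */
int overflowing_steps(uint32_t seed, int n) {
    int count = 0;
    fast_srand(seed);
    for (int i = 0; i < n; i++) {
        if (signed_step_overflows(as_signed(fast_seed))) count++;
        fast_rand();
    }
    return count;
}

int main(void) {
    fast_srand(0);
    printf("first output from seed 0: %d\n", fast_rand());   /* 38 */
    printf("overflowing steps in 1000 from seed 0: %d\n",
           overflowing_steps(0, 1000));
    return 0;
}
```

The second line of output shows that the signed formula does not overflow on some rare first step but on almost every step of a real run, which is why the trap fires as early as symbol-table initialisation.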