From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <musl-return-20836-ml=inbox.vuxu.org@lists.openwall.com>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no
	version=3.4.4
Received: from second.openwall.net (second.openwall.net [193.110.157.125])
	by inbox.vuxu.org (Postfix) with SMTP id B07E52131F
	for <ml@inbox.vuxu.org>; Sun, 14 Apr 2024 19:54:13 +0200 (CEST)
Received: (qmail 17798 invoked by uid 550); 14 Apr 2024 17:54:06 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 17760 invoked from network); 14 Apr 2024 17:54:06 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	ridiculousfish.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:from:from:in-reply-to:message-id
	:mime-version:reply-to:subject:subject:to:to; s=fm1; t=
	1713117236; x=1713203636; bh=G1552d4H7fytv9ndx2oLlAxYugkrPVZP+8s
	VTYbLRbQ=; b=C0MysIPe3UU0xbejFq73adduiB2Y2OuOp3A2CQU/JQk3LKjspp/
	vhyvXDmifeWpXa2hf3/HPIYkz7zDmyMDiZJTlfplUmG6ZmoYrDCcMn132b0nmENy
	csqc9O5/YxsKE021cJklrL0FqBnwGD0AP9nT3n+C0sYc5AGHi/wLvPgo/QbrJdB2
	XSWhoMWqcBylqjGAc+ityLt4KMZEUmXpJw4veW56DCT8p88PuhcayiYEIPpRlmY+
	V1njFzL5HOUjsKB8EyvzOnoo7BdMKoNroAGFseDIksg8NsZa0SIkrxlVdpfx2q6N
	/ylgFQ/Ik+uN6ajl2x9DbW1Nh501uj2IqUA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:message-id:mime-version:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm2; t=1713117236; x=1713203636; bh=G1552d4H7fytv9ndx2oLlAxYugkr
	PVZP+8sVTYbLRbQ=; b=srjvgE9TzKbMOm4lIYS/1FNWImZlOb15xCyffYqCJIs2
	wxrnfo0rAwlK2wrdZLQMxodHANVfGwPiy15u7DVunq7Vbq5wJw3Qss/zyABWzWMN
	LBenYm/we9dZJVG57hoJNqsx+/1okCiMXdbN6S8d/5auFTfAgntJiqMyVZffXhHY
	KrENBKUIFmxeBi4nNRiGXzHfoL1nwUDcnCPLp/MRyuV60R74cGraJr9Lkc5Z80Zf
	CUmgDWJuac/41CnJUKsNMdKwGSmeuv1o++ISS7gPCUL0OorEft8OvcRRlRioVFvt
	tM+8FUn5hNxse7S6pNX2UKgm9CdkM3DR2JhSg6R1KQ==
X-ME-Sender: <xms:MxgcZkCdSoczfw7yvDvA_to9ZyMcBw4xl-QCRbBNsSlgQcwuHUwomg>
    <xme:MxgcZmiQAmPBwpsSd27fao7Sn89n29Jn31KutQSs_mxSFm7UZLDcqJtLPQFuWCchn
    ff7J0zefpXvk3r0WQ>
X-ME-Received: <xmr:MxgcZnlEFb1HZubN1mx9-3GetT96RDb3h6JxKrTxikbPIjMQwNnwptaVg3M_m5oasy4e>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudeiledguddvtdcutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
    necuuegrihhlohhuthemuceftddtnecunecujfgurhephfgtgfgguffkfffvofesthhqmh
    dthhdtvdenucfhrhhomheprfgvthgvrhcutehmmhhonhcuoegtohhrhiguohhrrghssehr
    ihguihgtuhhlohhushhfihhshhdrtghomheqnecuggftrfgrthhtvghrnhepgfdvvdelve
    ejieeghfefheehleegffejfefhhfeuvdetieelgfdtgfelfeevhfevnecuvehluhhsthgv
    rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheptghorhihughorhgrshesrh
    hiughitghulhhouhhsfhhishhhrdgtohhm
X-ME-Proxy: <xmx:MxgcZqxJAvBq4B1oGHJaZVFQ6sHmDRNk56ABryQT9dCVCOulwIoVYw>
    <xmx:MxgcZpSq_Y3WVohqphqyWswdZOF8gTrculodoyp5CMZ9bRVkGnzevw>
    <xmx:MxgcZlY1mXXZh_TJyTflhn63YAQLV5dmuvMYD4sOdXYDjJ4wpwCnGA>
    <xmx:MxgcZiSLDOqKQj-MmQRrWSskj_KtD5Uzh6eqhD9DbfRoXexJ2HOX5Q>
    <xmx:NBgcZoJeQPFPwZnkYt2Cy8Bvd2peu3PZXddNbijR8k-JAUdeonTGvY6u>
Feedback-ID: i0ec14495:Fastmail
From: Peter Ammon <corydoras@ridiculousfish.com>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
Message-Id: <81F5BE1D-3AA2-479E-8F4D-6AF0DAC7D010@ridiculousfish.com>
Date: Sun, 14 Apr 2024 10:53:39 -0700
To: musl@lists.openwall.com
X-Mailer: Apple Mail (2.3774.400.31)
Subject: [musl] [PATCH] printf: Fix int overflow in rounding calculation

In printf float formatting, a calculation of digits to round may trigger =
signed int overflow, if the precision is large and the exponent is large =
and negative. For example, `printf("%.*g", INT_MAX, 1e-100)` will =
reproduce it.

The overflow case corresponds to a huge number of digits after the =
decimal, which means no rounding is required, so I opted to saturate j =
at INT_MAX. Using a wider type is an alternative.

Note that p is non-negative, so underflow is impossible.

---
src/stdio/vfprintf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c
index 497c5e19..eb4c755a 100644
--- a/src/stdio/vfprintf.c
+++ b/src/stdio/vfprintf.c
@@ -307,7 +307,8 @@ static int fmt_fp(FILE *f, long double y, int w, int =
p, int fl, int t)
	else e=3D0;

	/* Perform rounding: j is precision after the radix (possibly =
neg) */
-	j =3D p - ((t|32)!=3D'f')*e - ((t|32)=3D=3D'g' && p);
+	i =3D ((t|32)!=3D'f')*e + ((t|32)=3D=3D'g' && p);
+	j =3D (i < 0 && p > INT_MAX+i) ? INT_MAX : p-i;
	if (j < 9*(z-r-1)) {
		uint32_t x;
		/* We avoid C's broken division of negative numbers */
--
2.39.2