From: Peter Stephenson <Peter.Stephenson@csr.com>
To: <zsh-workers@zsh.org>
Subject: Re: Integer overflow during brace expansion
Date: Thu, 1 Mar 2012 14:30:46 +0000	[thread overview]
Message-ID: <20120301143046.49093711@pwslap01u.europe.root.pri> (raw)
In-Reply-To: <20120227173523.2941f24d@pwslap01u.europe.root.pri>

On Mon, 27 Feb 2012 17:35:23 +0000
Peter Stephenson <Peter.Stephenson@csr.com> wrote:
> On Mon, 27 Feb 2012 18:01:23 +0100
> Mikael Magnusson <mikachu@gmail.com> wrote:
> > I found the old thread now, pws suggested just using %ld and casting
> > the value to long, to which I replied something incomprehensibly
> > stupid, "but %d won't work if I cast to long". If nobody sees a
> > problem with the above patch, I can commit it with this change.
> > 
> > -               sprintf(p + strp, "%0*ld", minw, rend);
> > +               sprintf(p + strp, "%0*ld", minw, (long)rend);
> 
> I think that sounds OK for now.  It would be quite nice to ensure we
> could output the full range one day, which isn't *that* difficult.

Here's the simple case: zlong is long long, rather than something more
baroque (obviously long is unproblematic), and this is supported by the
libraries.

I'm not sure how much work is really worth it.  The more baroque cases,
like quad_t, are probably out of fashion enough to be untestable, unless
anyone knows otherwise, and I would think most systems that provide long
long also provide %lld.  The problems disappear on native 64-bit
systems (we don't use long long unless long is 32-bit and long long is
64-bit).

Index: configure.ac
===================================================================
RCS file: /cvsroot/zsh/zsh/configure.ac,v
retrieving revision 1.137
diff -p -u -r1.137 configure.ac
--- configure.ac	10 Aug 2011 11:31:18 -0000	1.137
+++ configure.ac	1 Mar 2012 14:04:13 -0000
@@ -1010,6 +1010,37 @@ main() { return sizeof(ino_t) < 8; }
     fi
   fi
 fi
+AH_TEMPLATE([ZLONG_IS_LONG_LONG],
+[Define to 1 if the zlong type uses long long int.])
+if test "$zsh_cv_64_bit_type" = "long long"; then
+  dnl Remember this so we can get (s)printf output right.
+  AC_DEFINE(ZLONG_IS_LONG_LONG)
+fi
+
+dnl We'll blithely assume print supports the same types as sprintf.
+AC_CACHE_CHECK(for %lld printf support, zsh_cv_printf_has_lld,
+[AC_TRY_RUN(
+[#include <stdio.h>
+#include <string.h>
+int main(int argc, char **argv)
+{
+   long long foo = (long long)400;
+   char buf[20];
+   sprintf(buf, "before%lldafter", foo);
+   if (!strcmp(buf, "before400after")) {
+      return 0;
+   }
+   return 1;
+}
+],
+zsh_cv_printf_has_lld=yes,
+zsh_cv_printf_has_lld=no,
+zsh_cv_printf_has_lld=no)])
+AH_TEMPLATE(PRINTF_HAS_LLD,
+[Define to 1 if printf and sprintf support %ldd for long long.])
+if test x$zsh_cv_printf_has_lld = xyes; then
+  AC_DEFINE(PRINTF_HAS_LLD)
+fi
 
 dnl Check for sigset_t.  Currently I'm looking in
 dnl <sys/types.h> and <signal.h>.  Others might need
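Review bot: The run-time probe formats `(long long)400`, which fits in 32 bits, so a printf that reads only part of the argument for `%lld` could still produce `before400after` and pass the check. A value above the 32-bit range would test what PRINTF_HAS_LLD promises, for example `long long foo = ((long long)1 << 32) + 400;` compared against `"before4294967696after"`, with `char buf[32];` because that string no longer fits in 20 bytes. Separately, the AH_TEMPLATE description for PRINTF_HAS_LLD says `%ldd` where `%lld` is meant.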
Index: Src/exec.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/exec.c,v
retrieving revision 1.209
diff -p -u -r1.209 exec.c
--- Src/exec.c	1 Mar 2012 03:33:18 -0000	1.209
+++ Src/exec.c	1 Mar 2012 14:04:13 -0000
@@ -3252,7 +3252,11 @@ execcmd(Estate state, int input, int out
 	    }
 	    if (isset(PRINTEXITVALUE) && isset(SHINSTDIN) &&
 		lastval && !subsh) {
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+		fprintf(stderr, "zsh: exit %lld\n", lastval);
+#else
 		fprintf(stderr, "zsh: exit %ld\n", (long)lastval);
+#endif
 		fflush(stderr);
 	    }
 
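Review bot: `%lld` in the new branch requires the argument to be exactly `long long`, and the declaration of `lastval` is not visible in this hunk; if it is anything other than zlong, the uncast call is undefined behaviour where the old `(long)` cast was not. Writing `fprintf(stderr, "zsh: exit %lld\n", (long long)lastval);` keeps the call well defined whatever the declared type is. The same uncast pattern is added in glob.c, prompt.c, utils.c and Modules/parameter.c, and the identical `#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)` test is repeated at every site, so one shared header definition of the length modifier and cast type would keep format and argument from drifting apart. execcmd's body starts and ends outside the hunk.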
Index: Src/glob.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/glob.c,v
retrieving revision 1.81
diff -p -u -r1.81 glob.c
--- Src/glob.c	29 Feb 2012 17:06:07 -0000	1.81
+++ Src/glob.c	1 Mar 2012 14:04:14 -0000
@@ -2148,7 +2148,11 @@ xpandbraces(LinkList list, LinkNode *np)
 	    for (; rend >= rstart; rend -= rincr) {
 		/* Node added in at end, so do highest first */
 		p = dupstring(str3);
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+		sprintf(p + strp, "%0*lld", minw, rend);
+#else
 		sprintf(p + strp, "%0*ld", minw, (long)rend);
+#endif
 		strcat(p + strp, str2 + 1);
 		insertlinknode(list, last, p);
 		if (rev)	/* decreasing:  add in reverse order. */
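Review bot: With `%0*lld` the formatted number can be up to 20 characters (sign plus 19 digits), or `minw` if that is larger, and it is written by an unbounded `sprintf` into the copy made by `dupstring(str3)` and then extended by `strcat`. On a build where long is 32-bit the old `(long)` path stopped at 11 characters, so the worst case has grown. How `str3` is sized is outside the hunk; it should be confirmed there that the copy leaves room for the widest value plus `str2 + 1`. Once confirmed, a comment at the `sprintf` such as `/* p has room for max(minw, widest zlong) + strlen(str2 + 1) + 1; see where str3 is built */` would record the bound. xpandbraces continues on both sides of the hunk.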
Index: Src/prompt.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/prompt.c,v
retrieving revision 1.62
diff -p -u -r1.62 prompt.c
--- Src/prompt.c	9 May 2011 09:49:09 -0000	1.62
+++ Src/prompt.c	1 Mar 2012 14:04:14 -0000
@@ -663,12 +663,20 @@ putpromptchar(int doprint, int endchar, 
 		break;
 	    case 'L':
 		addbufspc(DIGBUFSIZE);
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+		sprintf(bv->bp, "%lld", shlvl);
+#else
 		sprintf(bv->bp, "%ld", (long)shlvl);
+#endif
 		bv->bp += strlen(bv->bp);
 		break;
 	    case '?':
 		addbufspc(DIGBUFSIZE);
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+		sprintf(bv->bp, "%lld", lastval);
+#else
 		sprintf(bv->bp, "%ld", (long)lastval);
+#endif
 		bv->bp += strlen(bv->bp);
 		break;
 	    case '%':
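Review bot: Each of these `sprintf` calls relies on `addbufspc(DIGBUFSIZE)` having reserved enough room, and with `%lld` the worst case becomes 20 characters plus the terminating NUL. The definition of DIGBUFSIZE is not on this page, so it should be checked that it is derived from the width of zlong rather than long. The same applies to the `flineno` and `lineno` cases in the two later prompt.c hunks. A comment at the first use such as `/* DIGBUFSIZE must hold the decimal form of any zlong, sign and NUL included */` would make the dependency explicit. putpromptchar's body extends beyond all three hunks.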
@@ -764,7 +772,11 @@ putpromptchar(int doprint, int endchar, 
 		    if (funcstack->tp == FS_EVAL)
 			lineno--;
 		    addbufspc(DIGBUFSIZE);
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+		    sprintf(bv->bp, "%lld", flineno);
+#else
 		    sprintf(bv->bp, "%ld", (long)flineno);
+#endif
 		    bv->bp += strlen(bv->bp);
 		    break;
 		}
@@ -772,7 +784,11 @@ putpromptchar(int doprint, int endchar, 
 		/* FALLTHROUGH */
 	    case 'i':
 		addbufspc(DIGBUFSIZE);
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+		sprintf(bv->bp, "%lld", lineno);
+#else
 		sprintf(bv->bp, "%ld", (long)lineno);
+#endif
 		bv->bp += strlen(bv->bp);
 		break;
 	    case 'x':
Index: Src/utils.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/utils.c,v
retrieving revision 1.265
diff -p -u -r1.265 utils.c
--- Src/utils.c	3 Dec 2011 23:15:38 -0000	1.265
+++ Src/utils.c	1 Mar 2012 14:04:14 -0000
@@ -275,9 +275,13 @@ zerrmsg(FILE *file, const char *fmt, va_
 #endif
     char *errmsg;
 
-    if ((unset(SHINSTDIN) || locallevel) && lineno)
+    if ((unset(SHINSTDIN) || locallevel) && lineno) {
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+	fprintf(file, "%lld: ", lineno);
+#else
 	fprintf(file, "%ld: ", (long)lineno);
-    else
+#endif
+    } else
 	fputc((unsigned char)' ', file);
 
     while (*fmt)
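Review bot: The `if` arm gains braces but the `else` is left unbraced (`} else` followed by a bare `fputc`), which reads unevenly next to the preprocessor conditional. Bracing both arms, `} else {` / `fputc((unsigned char)' ', file);` / `}`, keeps the extent of the statement obvious if another line is added later. zerrmsg continues past the end of the hunk.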
Index: Src/Modules/parameter.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/Modules/parameter.c,v
retrieving revision 1.53
diff -p -u -r1.53 parameter.c
--- Src/Modules/parameter.c	19 Jan 2011 12:42:53 -0000	1.53
+++ Src/Modules/parameter.c	1 Mar 2012 14:04:14 -0000
@@ -531,7 +531,11 @@ functracegetfn(UNUSED(Param pm))
 	char *colonpair;
 
 	colonpair = zhalloc(strlen(f->caller) + (f->lineno > 9999 ? 24 : 6));
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+	sprintf(colonpair, "%s:%lld", f->caller, f->lineno);
+#else
 	sprintf(colonpair, "%s:%ld", f->caller, (long)f->lineno);
+#endif
 
 	*p = colonpair;
     }
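Review bot: The buffer for `colonpair` is sized by `(f->lineno > 9999 ? 24 : 6)`, and the 6-byte case covers only a colon, four digits and the NUL; a negative value between -1000 and -9999 takes the small branch yet needs one more byte for the sign. Whether these line numbers can go negative is not visible here, so either document that they cannot or size on magnitude rather than on `> 9999`. The 24-byte branch is enough for a 64-bit `%lld` (colon, sign, 19 digits, NUL). The same expression appears in the funcsourcetracegetfn hunk and twice in funcfiletracegetfn, including the site where `flineno` becomes `zlong`; a comment such as `/* 6 = ':' + up to 4 digits + NUL; 24 = ':' + any zlong + NUL */` at each site would explain the constants.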
@@ -559,7 +563,11 @@ funcsourcetracegetfn(UNUSED(Param pm))
 	char *fname = f->filename ? f->filename : "";
 
 	colonpair = zhalloc(strlen(fname) + (f->flineno > 9999 ? 24 : 6));
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+	sprintf(colonpair, "%s:%lld", fname, f->flineno);
+#else
 	sprintf(colonpair, "%s:%ld", fname, (long)f->flineno);
+#endif
 
 	*p = colonpair;
     }
@@ -594,7 +602,11 @@ funcfiletracegetfn(UNUSED(Param pm))
 	     */
 	    colonpair = zhalloc(strlen(f->caller) +
 				(f->lineno > 9999 ? 24 : 6));
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+	    sprintf(colonpair, "%s:%lld", f->caller, f->lineno);
+#else
 	    sprintf(colonpair, "%s:%ld", f->caller, (long)f->lineno);
+#endif
 	} else {
 	    /*
 	     * Calling context is a function or eval; we need to find
@@ -604,7 +616,7 @@ funcfiletracegetfn(UNUSED(Param pm))
 	     * together with the $functrace line number for the current
 	     * context.
 	     */
-	    long flineno = (long)(f->prev->flineno + f->lineno);
+	    zlong flineno = f->prev->flineno + f->lineno;
 	    /*
 	     * Line numbers in eval start from 1, not zero,
 	     * so offset by one to get line in file.
@@ -614,7 +626,11 @@ funcfiletracegetfn(UNUSED(Param pm))
 	    fname = f->prev->filename ? f->prev->filename : "";
 
 	    colonpair = zhalloc(strlen(fname) + (flineno > 9999 ? 24 : 6));
-	    sprintf(colonpair, "%s:%ld", fname, flineno);
+#if defined(ZLONG_IS_LONG_LONG) && defined(PRINTF_HAS_LLD)
+	    sprintf(colonpair, "%s:%lld", fname, flineno);
+#else
+	    sprintf(colonpair, "%s:%ld", fname, (long)flineno);
+#endif
 	}
 
 	*p = colonpair;

-- 
Peter Stephenson <pws@csr.com>            Software Engineer
Tel: +44 (0)1223 692070                   Cambridge Silicon Radio Limited
Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, UK


Member of the CSR plc group of companies. CSR plc registered in England and Wales, registered number 4187346, registered office Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, United Kingdom
More information can be found at www.csr.com. Follow CSR on Twitter at http://twitter.com/CSR_PLC and read our blog at www.csr.com/blog

