undefined behaviour in pack

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Tue, 26 Jan 2016 16:28:56 +0000

GCC's undefined behaviour sanitizer is reporting:

../src/subversion/libsvn_fs_fs/pack.c:902:17: runtime error: signed integer overflow: 2147483647 * 4 cannot be represented in type 'int'

To reproduce:

# set shard size to 3 and create a full shard
svnadmin create repo
chmod +w repo/db/format
printf "7\nlayout sharded 3\naddressing logical\n" > repo/db/format
svnmucc -mm -U file://`pwd`/repo put repo/format f
svnmucc -mm -U file://`pwd`/repo put repo/format f
svnadmin pack repo

Just before the warning roundness(0) returns MAX_INT and then:

(gdb) p path_order[i]->predecessor_count
$1 = 0
(gdb) p round
$2 = 2147483647

and 4 * 2147483647 overflows an int.

-- 
Philip Martin
WANdisco

Received on 2016-01-26 17:29:03 CET

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: inconsistent null-ptr handling in utf-path related functions"
Previous message: Stefan Hett: "Re: Bug"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]