[Toybox] [PATCH] expr

Daniel Verkamp daniel at drv.nu
Mon Jun 10 17:56:17 PDT 2013


On Sat, Jun 8, 2013 at 11:22 AM, Rob Landley <rob at landley.net> wrote:
> On 06/05/2013 07:29:38 PM, Daniel Verkamp wrote:
>>
>> On Tue, Jun 4, 2013 at 11:06 PM, Rob Landley <rob at landley.net> wrote:
>> >> - Decide what to do about integer overflow (the current code can
>> >> execute undefined signed overflow behavior with large inputs; GNU
>> >> coreutils expr detects this and prints an appropriate error).
>> >
>> >
>> > What does Posix require?
>>
>> The expr command description doesn't mention anything about integer
>> overflow at all; I don't know if there is some overall POSIX
>> requirement that applies.
>
>
> Well, how did _you_ find out about it?

The C standard says signed integer overflow is undefined behavior, and
a user can trigger such behavior with crafted inputs.  Try `expr
9223372036854775807 \* 2`, for example.

Additionally, the GNU Coreutils implementation of expr prints a
specific message on overflow.

> Absent the standard explicitly requiring something, the next thing I care
> about is real world users. Who will _not_ doing it inconvenience?

At the very least, it's within the rights of the compiler to generate
code that aborts or crashes on overflow, and the potential for nasal
demons (or at least incorrect results) is probably enough to warrant
fixing it.

I presume most real-world uses of expr don't cause overflow, since it
doesn't produce any useful results, but I suppose there could be
scripts that depend on the "return error on overflow" behavior of GNU
expr in some way.

Perhaps the easiest option would be to enable GCC's -ftrapv option,
which causes signed overflow to abort intentionally; this would not be
very user friendly, but it's probably better than generating wrong
answers.  However, this would generate larger and slower code
throughout toybox.

Thanks,
-- Daniel Verkamp
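A checked-arithmetic version of expr's binary operators, as an added example that is not toybox's or coreutils' code (the names expr_parse, expr_binop, expr_eval3, expr_status and expr_equals, the error codes and the messages are this example's own assumptions). It refuses the `expr 9223372036854775807 \* 2` case from the mail above by testing each operation against LLONG_MAX/LLONG_MIN before performing it, so no signed overflow (undefined behaviour in C) is ever executed; it also rejects operands that do not fit in a long long at parse time, and the LLONG_MIN / -1 and LLONG_MIN % -1 cases that a division-by-zero check alone misses.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status codes for checked evaluation (this example's own names). */
enum { EXPR_OK = 0, EXPR_OVERFLOW, EXPR_DIVZERO, EXPR_BADNUM, EXPR_BADOP };

static const char *const expr_msg[] = {
    "ok", "integer overflow", "division by zero",
    "non-integer argument", "unknown operator"
};

/* Parse a decimal integer; values outside long long range are an error. */
int expr_parse(const char *s, long long *out)
{
    char *end;
    long long v;

    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0') return EXPR_BADNUM;
    if (errno == ERANGE) return EXPR_OVERFLOW;   /* did not fit in long long */
    *out = v;
    return EXPR_OK;
}

/* Evaluate a op b. Every test happens before the operation, and none of
 * the divisions used in the tests can themselves overflow. */
int expr_binop(long long a, char op, long long b, long long *out)
{
    switch (op) {
    case '+':
        if ((b > 0 && a > LLONG_MAX - b) || (b < 0 && a < LLONG_MIN - b))
            return EXPR_OVERFLOW;
        *out = a + b; return EXPR_OK;
    case '-':
        if ((b < 0 && a > LLONG_MAX + b) || (b > 0 && a < LLONG_MIN + b))
            return EXPR_OVERFLOW;
        *out = a - b; return EXPR_OK;
    case '*':
        if (a == 0 || b == 0) { *out = 0; return EXPR_OK; }
        /* Four sign cases; each compares against the bound divided by the
         * other operand, which is always representable. */
        if (a > 0 ? (b > 0 ? a > LLONG_MAX / b : b < LLONG_MIN / a)
                  : (b > 0 ? a < LLONG_MIN / b : a < LLONG_MAX / b))
            return EXPR_OVERFLOW;
        *out = a * b; return EXPR_OK;
    case '/':
    case '%':
        if (b == 0) return EXPR_DIVZERO;
        /* -LLONG_MIN is not representable, so this quotient would overflow. */
        if (a == LLONG_MIN && b == -1) return EXPR_OVERFLOW;
        *out = (op == '/') ? a / b : a % b; return EXPR_OK;
    default:
        return EXPR_BADOP;
    }
}

/* Evaluate the three-word form "a op b" exactly as expr receives it. */
int expr_eval3(const char *a, const char *op, const char *b, long long *out)
{
    long long x, y;
    int rc;

    if (strlen(op) != 1) return EXPR_BADOP;
    if ((rc = expr_parse(a, &x)) != EXPR_OK) return rc;
    if ((rc = expr_parse(b, &y)) != EXPR_OK) return rc;
    return expr_binop(x, op[0], y, out);
}

/* Small wrappers so a caller can check status and value separately. */
int expr_status(const char *a, const char *op, const char *b)
{
    long long r;
    return expr_eval3(a, op, b, &r);
}

int expr_equals(const char *a, const char *op, const char *b, long long expect)
{
    long long r;
    return expr_eval3(a, op, b, &r) == EXPR_OK && r == expect;
}

int main(int argc, char **argv)
{
    long long r;
    int rc;

    if (argc != 4) {
        fprintf(stderr, "usage: %s INTEGER OP INTEGER\n", argv[0]);
        return 2;
    }
    rc = expr_eval3(argv[1], argv[2], argv[3], &r);
    if (rc != EXPR_OK) {
        fprintf(stderr, "expr: %s\n", expr_msg[rc]);
        return 2;   /* non-zero status on error; the exact value is this example's choice */
    }
    printf("%lld\n", r);
    return 0;
}
```

Build with `cc -o expr expr.c` and run `./expr 9223372036854775807 '*' 2`: instead of a wrapped or compiler-dependent result it prints the overflow message and exits non-zero, while `./expr 6 '*' 7` prints 42. The comparisons against `LLONG_MAX / b` and `LLONG_MIN / a` are the portable form of the check; on GCC or Clang the same tests can be written with `__builtin_mul_overflow` and friends, which additionally covers the `-ftrapv` question from the mail without changing code generation elsewhere in the program.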


