#119 closed defect (fixed)
Undefined behavior in img.c
| Reported by: | Matěj Plch | Owned by: | Olly Betts |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.2.45 |
| Component: | Other | Version: | |
| Keywords: | Cc: |
Description
Hi, therion uses img.h and img.c, and when I compile and run therion with Undefined Behavior Sanitizer, this error appears:
UndefinedBehaviorSanitizer: undefined-behavior ../extern/img.c:103:27: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Problem is in function get32(), where shifting of signed value by 24 bits interferes with a sign bit. Bitwise operations should be done with unsigned types.
Therion CI job where this error occured: https://github.com/Afforix/therion/runs/2025117514?check_suite_focus=true.
Change History (5)
comment:1 Changed 4 years ago by
comment:2 Changed 4 years ago by
| Milestone: | → 1.2.45 |
|---|
comment:3 Changed 4 years ago by
Oops, you actually need 227fd9a441d475ad9f79226a8da05a973e10dcd1 as I missed a change (sorry, the power tripped while I was preparing the commit and I lost track of where I'd got to when I turned my computer back on...)
comment:4 Changed 4 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note: See
TracTickets for help on using
tickets.
Thanks for reporting.
This also affects Survex itself, but only on big-endian platforms (on little-endian platforms it uses an optimised version of
get32()which instead reads 4 bytes from the file in one go) so despite testing Survex with ubsan I hadn't spotted this.