This is an archive of the discontinued LLVM Phabricator instance.

Differential D97557

[PDB] Fix unsigned integer overflow
ClosedPublic

Authored by thakis on Feb 26 2021, 8:19 AM.

Details

Reviewers
hans
Commits
rG301551ae8e8f: [PDB] Fix unsigned integer overflow
Summary

When building with -fsanitize=unsigned-integer-overflow, this code
causes a diagnostic like:

../../llvm/lib/DebugInfo/PDB/Native/GSIStreamBuilder.cpp:159:15:
runtime error: unsigned integer overflow:
90 - 229 cannot be represented in type 'unsigned long'

unsigned integer overflow is well defined and it isn't an issue in
practice, but in obscure scenarios (S1.size() small, S2.size over 2GB
on 32-bit systems) it could even be a bug.

So use the usual idiom for implementing cmp functions instead of the
gernally considered buggy idiom :)
See e.g. https://www.gnu.org/software/libc/manual/html_node/Comparison-Functions.html
or https://stackoverflow.com/questions/10996418/efficient-integer-compare-function/10997428#10997428

Diff Detail

Event Timeline

thakis created this revision.Feb 26 2021, 8:19 AM
Herald added a subscriber: hiraditya. · View Herald TranscriptFeb 26 2021, 8:19 AM
thakis requested review of this revision.Feb 26 2021, 8:19 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 26 2021, 8:19 AM
hans accepted this revision.Feb 26 2021, 8:23 AM

(I've written and been bit by this bug at least one time that I remember. I wonder if clang could have warning tailored to it..)

This revision is now accepted and ready to land.Feb 26 2021, 8:23 AM
This revision was landed with ongoing or failed builds.Feb 26 2021, 8:27 AM
Closed by commit rG301551ae8e8f: [PDB] Fix unsigned integer overflow (authored by thakis). · Explain Why
This revision was automatically updated to reflect the committed changes.
thakis added a commit: rG301551ae8e8f: [PDB] Fix unsigned integer overflow.
thakis added a comment.Feb 26 2021, 8:28 AM
In D97557#2590412, @hans wrote:

(I've written and been bit by this bug at least one time that I remember. I wonder if clang could have warning tailored to it..)

(I guess you'd pattern-match for if (a_with_some_int_type != b_with_some_int_type) return a_with_some_int_type - b_with_some_int_type; and warn on that and propose a diff like in this patch as fixit? could work!)

Harbormaster completed remote builds in B91043: Diff 326705.Feb 26 2021, 8:29 AM

Revision Contents

PathSize
llvm/
lib/
DebugInfo/
PDB/
Native/
2 lines

Diff 326706

llvm/lib/DebugInfo/PDB/Native/GSIStreamBuilder.cpp

Show First 20 LinesShow All 150 Lines▼ Show 20 Lines
} }
// See `caseInsensitiveComparePchPchCchCch` in gsi.cpp // See `caseInsensitiveComparePchPchCchCch` in gsi.cpp
static int gsiRecordCmp(StringRef S1, StringRef S2) { static int gsiRecordCmp(StringRef S1, StringRef S2) {
size_t LS = S1.size(); size_t LS = S1.size();
size_t RS = S2.size(); size_t RS = S2.size();
// Shorter strings always compare less than longer strings. // Shorter strings always compare less than longer strings.
if (LS != RS) if (LS != RS)
return LS - RS; return (LS > RS) - (LS < RS);
// If either string contains non ascii characters, memcmp them. // If either string contains non ascii characters, memcmp them.
if (LLVM_UNLIKELY(!isAsciiString(S1) || !isAsciiString(S2))) if (LLVM_UNLIKELY(!isAsciiString(S1) || !isAsciiString(S2)))
return memcmp(S1.data(), S2.data(), LS); return memcmp(S1.data(), S2.data(), LS);
// Both strings are ascii, perform a case-insensitive comparison. // Both strings are ascii, perform a case-insensitive comparison.
return S1.compare_lower(S2.data()); return S1.compare_lower(S2.data());
} }
▲ Show 20 LinesShow All 327 LinesShow Last 20 Lines