OpenWrt/immortalwrt
1
0
Fork 0
mirror of https://github.com/immortalwrt/immortalwrt synced 2025-01-07 03:27:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

lua: fix integer overflow in LNUM patch

Browse Source 
Safely detect integer overflow in try_addint() and try_subint().
Old code relied on undefined behavior, and recent versions of GCC on x86
optimized away the if-statements.
This caused integer overflow in Lua code instead of falling back to
floating-point numbers.

Signed-off-by: Adam Bailey <aebailey@gmail.com>
(cherry picked from commit 3a2e7c30d3)
This commit is contained in:
Adam Bailey 2023-07-03 20:16:14 -05:00 committed by Tianling Shen
parent 1209f4c2f0
commit 5be1746bbd
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
2 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
package/utils/lua/patches-host/010-lua-5.1.3-lnum-full-260308.patch
View File

@ -1600,18 +1600,18 @@
+ * (and doing them).
+ */
+int try_addint( lua_Integer *r, lua_Integer ib, lua_Integer ic ) {
+ lua_Integer v= ib+ic; /* may overflow */
+ if (ib>0 && ic>0) { if (v < 0) return 0; /*overflow, use floats*/ }
+ else if (ib<0 && ic<0) { if (v >= 0) return 0; }
+ *r= v;
+ /* Signed int overflow is undefined behavior, so catch it without causing it. */
+ if (ic>0) { if (ib > LUA_INTEGER_MAX - ic) return 0; /*overflow, use floats*/ }
+ else { if (ib < LUA_INTEGER_MIN - ic) return 0; }
+ *r = ib + ic;
+ return 1;
+}
+
+int try_subint( lua_Integer *r, lua_Integer ib, lua_Integer ic ) {
+ lua_Integer v= ib-ic; /* may overflow */
+ if (ib>=0 && ic<0) { if (v < 0) return 0; /*overflow, use floats*/ }
+ else if (ib<0 && ic>0) { if (v >= 0) return 0; }
+ *r= v;
+ /* Signed int overflow is undefined behavior, so catch it without causing it. */
+ if (ic>0) { if (ib < LUA_INTEGER_MIN + ic) return 0; /*overflow, use floats*/ }
+ else { if (ib > LUA_INTEGER_MAX + ic) return 0; }
+ *r = ib - ic;
+ return 1;
+}
+

16
package/utils/lua/patches/010-lua-5.1.3-lnum-full-260308.patch
View File

@ -1589,18 +1589,18 @@
+ * (and doing them).
+ */
+int try_addint( lua_Integer *r, lua_Integer ib, lua_Integer ic ) {
+ lua_Integer v= ib+ic; /* may overflow */
+ if (ib>0 && ic>0) { if (v < 0) return 0; /*overflow, use floats*/ }
+ else if (ib<0 && ic<0) { if (v >= 0) return 0; }
+ *r= v;
+ /* Signed int overflow is undefined behavior, so catch it without causing it. */
+ if (ic>0) { if (ib > LUA_INTEGER_MAX - ic) return 0; /*overflow, use floats*/ }
+ else { if (ib < LUA_INTEGER_MIN - ic) return 0; }
+ *r = ib + ic;
+ return 1;
+}
+
+int try_subint( lua_Integer *r, lua_Integer ib, lua_Integer ic ) {
+ lua_Integer v= ib-ic; /* may overflow */
+ if (ib>=0 && ic<0) { if (v < 0) return 0; /*overflow, use floats*/ }
+ else if (ib<0 && ic>0) { if (v >= 0) return 0; }
+ *r= v;
+ /* Signed int overflow is undefined behavior, so catch it without causing it. */
+ if (ic>0) { if (ib < LUA_INTEGER_MIN + ic) return 0; /*overflow, use floats*/ }
+ else { if (ib > LUA_INTEGER_MAX + ic) return 0; }
+ *r = ib - ic;
+ return 1;
+}
+