Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4FE2E0B0.7030507@cs.ucla.edu>
Date: Thu, 21 Jun 2012 01:52:00 -0700
From: Paul Eggert <eggert@...ucla.edu>
To: Rich Felker <dalias@...ifal.cx>
CC: musl@...ts.openwall.com, bug-gnulib@....org, 
 Isaac Dunham <idunham@...abit.com>,
 Reuben Thomas <rrt@...d.org>
Subject: Re: Re: musl bugs found through gnulib

On 06/20/2012 07:21 PM, Rich Felker wrote:

>>> Replacement of mktime, because of
>>>   checking for working mktime... no
> 
> This test is buggy; it goes into an infinite loop due to integer
> overflow UB, because the condition to break out of the loop is only
> checked when the test does not fail:

Thanks, I pushed the following patch into gnulib:

---
 ChangeLog    |    9 +++++++++
 m4/mktime.m4 |   25 ++++++++++++++-----------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 199b06c..1661a62 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2012-06-21  Paul Eggert  <eggert@...ucla.edu>
+
+	mktime: fix integer overflow in 'configure'-time test
+	* m4/mktime.m4 (gl_FUNC_MKTIME): Do not rely on undefined behavior
+	after integer overflow.  Problem reported by Rich Felker in
+	<http://lists.gnu.org/archive/html/bug-gnulib/2012-06/msg00257.html>.
+	Also, don't look for further instances of a bug if we've already
+	found one instance; this helps 'configure' run faster.
+
 2012-06-20  John Darrington  <john@...rington.wattle.id.au>  (tiny change)
 
 	tmpfile, clean-temp: Fix invocation of GetVersionEx.
diff --git a/m4/mktime.m4 b/m4/mktime.m4
index 5e05dfa..14fcf7f 100644
--- a/m4/mktime.m4
+++ b/m4/mktime.m4
@@ -1,4 +1,4 @@
-# serial 21
+# serial 22
 dnl Copyright (C) 2002-2003, 2005-2007, 2009-2012 Free Software Foundation,
 dnl Inc.
 dnl This file is free software; the Free Software Foundation
@@ -192,20 +192,23 @@ main ()
       if (tz_strings[i])
         putenv (tz_strings[i]);
 
-      for (t = 0; t <= time_t_max - delta; t += delta)
+      for (t = 0; t <= time_t_max - delta && (result & 1) == 0; t += delta)
         if (! mktime_test (t))
           result |= 1;
-      if (! (mktime_test ((time_t) 1)
-             && mktime_test ((time_t) (60 * 60))
-             && mktime_test ((time_t) (60 * 60 * 24))))
+      if ((result & 2) == 0
+          && ! (mktime_test ((time_t) 1)
+                && mktime_test ((time_t) (60 * 60))
+                && mktime_test ((time_t) (60 * 60 * 24))))
         result |= 2;
 
-      for (j = 1; ; j <<= 1)
-        if (! bigtime_test (j))
-          result |= 4;
-        else if (INT_MAX / 2 < j)
-          break;
-      if (! bigtime_test (INT_MAX))
+      for (j = 1; (result & 4) == 0; j <<= 1)
+        {
+          if (! bigtime_test (j))
+            result |= 4;
+          if (INT_MAX / 2 < j)
+            break;
+        }
+      if ((result & 8) == 0 && ! bigtime_test (INT_MAX))
         result |= 8;
     }
   if (! irix_6_4_bug ())
-- 
1.7.6.5

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.