[v2,7/7] hppa: Fix undefined behaviour in feclearexcept (BZ 30983)

Message ID 20231106132713.953501-8-adhemerval.zanella@linaro.org
State Committed
Commit d0829302728954e0abacfc01551c17daf4d61c87
Headers
Series Multiple floating-point environment fixes |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
redhat-pt-bot/TryBot-32bit success Build for i686
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 success Testing passed
linaro-tcwg-bot/tcwg_glibc_build--master-arm success Testing passed

Commit Message

Adhemerval Zanella Netto Nov. 6, 2023, 1:27 p.m. UTC
  From: Bruno Haible <bruno@clisp.org>

The expression

  (excepts & FE_ALL_EXCEPT) << 27

produces a signed integer overflow when 'excepts' is specified as
FE_INVALID (= 0x10), because
  - excepts is of type 'int',
  - FE_ALL_EXCEPT is of type 'int',
  - thus (excepts & FE_ALL_EXCEPT) is (int) 0x10,
  - 'int' is 32 bits wide.

The patched code produces the same instruction sequence as
previosuly.
---
 sysdeps/hppa/fpu/fclrexcpt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
  

Comments

Carlos O'Donell Nov. 6, 2023, 4:57 p.m. UTC | #1
On 11/6/23 08:27, Adhemerval Zanella wrote:
> From: Bruno Haible <bruno@clisp.org>
> 
> The expression
> 
>   (excepts & FE_ALL_EXCEPT) << 27
> 
> produces a signed integer overflow when 'excepts' is specified as
> FE_INVALID (= 0x10), because
>   - excepts is of type 'int',
>   - FE_ALL_EXCEPT is of type 'int',
>   - thus (excepts & FE_ALL_EXCEPT) is (int) 0x10,
>   - 'int' is 32 bits wide.

Agreed.

> 
> The patched code produces the same instruction sequence as
> previosuly.

LGTM.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> ---
>  sysdeps/hppa/fpu/fclrexcpt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/sysdeps/hppa/fpu/fclrexcpt.c b/sysdeps/hppa/fpu/fclrexcpt.c
> index 055fb04ccc..46caf39ec1 100644
> --- a/sysdeps/hppa/fpu/fclrexcpt.c
> +++ b/sysdeps/hppa/fpu/fclrexcpt.c
> @@ -26,7 +26,7 @@ feclearexcept (int excepts)
>    /* Get the current status word. */
>    __asm__ ("fstd %%fr0,0(%1)" : "=m" (s.l) : "r" (&s.l) : "%r0");
>    /* Clear all the relevant bits. */
> -  s.sw[0] &= ~((excepts & FE_ALL_EXCEPT) << 27);
> +  s.sw[0] &= ~(((unsigned int) excepts & FE_ALL_EXCEPT) << 27);
>    __asm__ ("fldd 0(%0),%%fr0" : : "r" (&s.l), "m" (s.l) : "%r0");
>  
>    /* Success.  */
  

Patch

diff --git a/sysdeps/hppa/fpu/fclrexcpt.c b/sysdeps/hppa/fpu/fclrexcpt.c
index 055fb04ccc..46caf39ec1 100644
--- a/sysdeps/hppa/fpu/fclrexcpt.c
+++ b/sysdeps/hppa/fpu/fclrexcpt.c
@@ -26,7 +26,7 @@  feclearexcept (int excepts)
   /* Get the current status word. */
   __asm__ ("fstd %%fr0,0(%1)" : "=m" (s.l) : "r" (&s.l) : "%r0");
   /* Clear all the relevant bits. */
-  s.sw[0] &= ~((excepts & FE_ALL_EXCEPT) << 27);
+  s.sw[0] &= ~(((unsigned int) excepts & FE_ALL_EXCEPT) << 27);
   __asm__ ("fldd 0(%0),%%fr0" : : "r" (&s.l), "m" (s.l) : "%r0");
 
   /* Success.  */