Re: Bash printf should diagnose integer overflow

[Chet Ramey]

On 3/18/24 12:36 PM, Paul Eggert wrote:
> On 3/18/24 07:40, Chet Ramey wrote:
> > Thanks for the patches. They introduce a number of regressions, some due
> > to the different overflow handling; several not. I urge everyone who
> > submits non-trivial patches to run the test suite (`make tests') on their
> > patched versions before sending them in.
>
> I ran "make check" (equivalent to "make tests") and it looked to me like 
> all the tests passed.

OK. I'm not sure what you're using, but that was not my experience on
macOS.

First, the patched version doesn't build on macOS because your patches
don't include <stdbool.h>. Once you get past that, printf goes into an
infinite loop on

printf -v s "%b" ""

in printstr because `fw' is used unititialized (and randomly set to some
ridiculously large value). That and the old test's incorrect expectation
that a field width of 9223372036854775825 would always overflow to -1 (a
left-adjusted field width of 1) instead of being flagged as overflow are
the UB I was talking about.

But the other tests that fail

22c22
< echo a\\;ls
---
> echo a\'\;ls
24c24
< \
---
> \*

are definitely regressions. I found and fixed the cause.

The printf tests are noisy because Linux uses a different error message
for overflow.

> I see that you're part way towards improving integer overflow checking, as 
> you've added stdckdint.in.h to the devel branch but are not using 
> stdckint.h yet. If there's any further way I can help to get integer 
> overflow checking to work as well as my proposed patches tried to do, 
> please let me know.

It should be mostly there in the changes I pushed today, once I made it
through the above.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

OpenPGP_signature.asc
Description: OpenPGP digital signature