Hi Tom,
One of my students has hacked Clang to detect integer undefined
behaviors in C, like this shift problem or signed overflows. This was
the only problem that came up during a "make check" of a postgresql with
this checking turned on, which is pretty cool.
I'd expect to be able to find more problems if I could get hold of a
good fuzz tester for postgresql, or at least some much larger test
inputs. Are there any of these you folks would suggest that I use?
Thanks,
John
On 08/02/2010 09:06 AM, Tom Lane wrote:
> "John Regehr" <regehr@cs.utah.edu> writes:
>> Bug reference: 5590
>> Logged by: John Regehr
>> Email address: regehr@cs.utah.edu
>> PostgreSQL version: head 8/2/10
>> Operating system: OSX
>> Description: undefined shift behavior
>> Details:
>
>> During a "make check" the left-shift operator at tsquery_util.c 48:18 is
>> passed a negative right-hand argument a number of times.
>
> Hmm. valcrc is declared as signed int32, so depending on what your
> compiler thinks the semantics of % is, this clearly can potentially
> happen. I notice the same problem in makeTSQuerySign() in tsquery_op.c.
>
> The fix is presumably to cast the valcrc value to unsigned int before
> executing %. However, I'm a bit worried about whether this could change
> the results, and if it did whether that would invalidate any on-disk
> data structures. Oleg, Teodor, do either TSQuerySign or QTNode.sign
> ever get to disk?
>
> John: how did you detect this?
>
> regards, tom lane
>
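The integer issue discussed in this thread, reduced to a stand-alone C example (added here for illustration; this is not PostgreSQL's code and the page does not show the actual expression at tsquery_util.c 48:18). It models a signed `valcrc` reduced with `%` and used as a shift count, Tom's proposed cast-to-unsigned fix, and a guarded shift of the kind an instrumented compiler would perform. The 32-bit signature width, the `SIG_BITS` macro and all function names are assumptions for the demo:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed signature width for this demo; the page does not show the real
   TSQuerySign width, so 32 bits is a stand-in. */
#define SIG_BITS 32

/* The pattern the thread describes: a signed CRC reduced with %.
   In C, -7 % 32 == -7, so a negative valcrc yields a negative shift count,
   and `1 << negative` is undefined behaviour. This function only computes
   the count; it never performs the shift. */
int shift_count_signed(int32_t valcrc)
{
    return valcrc % SIG_BITS;
}

/* Tom's proposed fix: convert to unsigned before %, so the count is always
   in [0, SIG_BITS). The value differs from the signed version for negative
   inputs (e.g. -1 -> 31), which is why on-disk compatibility was raised. */
unsigned shift_count_unsigned(int32_t valcrc)
{
    return (unsigned int) valcrc % SIG_BITS;
}

/* True when the unfixed expression would invoke undefined behaviour for
   this input: exactly the case a UB-checking compiler would report. */
bool shift_would_be_undefined(int32_t valcrc)
{
    return shift_count_signed(valcrc) < 0;
}

/* Guarded left shift: refuses counts outside [0, SIG_BITS) instead of
   evaluating them, mirroring a runtime check for this class of UB. */
bool checked_shift_left(uint32_t value, int count, uint32_t *out)
{
    if (count < 0 || count >= SIG_BITS)
        return false;
    *out = value << count;
    return true;
}

/* Build a bit signature from a list of CRCs using the unsigned count, the
   way a fixed makeTSQuerySign-style routine would (constructed model, not
   PostgreSQL's own code). */
uint32_t make_sign(const int32_t *crcs, size_t n)
{
    uint32_t sign = 0;
    for (size_t i = 0; i < n; i++)
        sign |= (uint32_t) 1 << shift_count_unsigned(crcs[i]);
    return sign;
}

int main(void)
{
    /* Constructed sample CRCs, including negatives that trigger the bug. */
    const int32_t crcs[] = { -1, 5, 37, -2147483647 - 1 };
    size_t n = sizeof crcs / sizeof crcs[0];

    for (size_t i = 0; i < n; i++)
        printf("valcrc %11d: signed count %3d (%s), unsigned count %2u\n",
               (int) crcs[i], shift_count_signed(crcs[i]),
               shift_would_be_undefined(crcs[i]) ? "UB" : "ok",
               shift_count_unsigned(crcs[i]));

    printf("signature: 0x%08x\n", (unsigned) make_sign(crcs, n));
    return 0;
}
```

The printed table makes Tom's two points visible at once: every negative `valcrc` gives a negative count under the signed expression (undefined when used as a shift), and the unsigned version maps those same inputs to different bit positions, so any signature that was ever persisted would not match one recomputed after the fix.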