Assertion `(U)bits < (int)safeint_internal::int_traits< T >::bitCount' failed. #1829
Comments
|
The issue here is that we do not cleanly reject shifts beyond the width of an integer; instead this might be rejected by an assertion in SafeInt when building in debug mode. We should reject this cleanly for all build types at runtime via an exception. All these cases are expected to fail: print uint8(0)<<8;
print uint16(0)<<16;
print uint32(0)<<32;
print uint64(0)<<64;
print int8(0)<<8;
print int16(0)<<16;
print int32(0)<<32;
print int64(0)<<64;Even though there is deliberate handling for undefined shifts in SafeInt I filed dcleblanc/SafeInt#63 to see whether they could be convinced to switch to a throwing versions. |
bbannier
added
the
Runtime Library
If the shift is by a I'm still wondering if |
Yeah, for one there are no automatic coercions from |
|
Upstream has a PR open to move unsafe bitfshifts from assertion to exception. If this lands soon a bump would fix our issue (would still be good to add some tests); if it does not we could hook into the existing mechanism, see here. I haven't audited which other places invoke |
|
Do we know if SafeInt is going to merge this? |
|
I pinged upstream on whether they could merge their fix. I also tried to customize |
Running the following code through
spicyc -d -jtriggers an assertion. Haven't looked further, but seems the expression should fit 64bit, or a reasonable RuntimeError raised.Without
-d, it printssaslLen, 87which seems to indicate onlyrem[2]is taken into account? The other uint8 values are all shifted to 0? Is this something one needs to worry about, or should shifting promote they type? A better result comes with:This was found while fuzzing Zeek's LDAP analyzer locally. It employs such a shift here:
Zeek's fuzzers are build with
assert()enabled.The text was updated successfully, but these errors were encountered: