Closed Bug 786558 Opened 12 years ago Closed 6 years ago

Undefined behavior caused by out-of-range shift in unixShmSystemLock and sqlite3GenerateRowDelete

Categories

(Toolkit :: Storage, defect)

x86_64
Linux
defect
Not set
normal

RESOLVED INACTIVE

People

(Reporter: kinetik, Unassigned)

References

(Blocks 1 open bug)

Details

Building mozilla-central with Clang 3.2 on x86_64 with -fcatch-undefined-behavior results in a binary that crashes in unixShmSystemLock and sqlite3GenerateRowDelete due to out-of-range left shifts:

86986 SQLITE_PRIVATE void sqlite3GenerateRowDelete(
...
87026     for(iCol=0; iCol<pTab->nCol; iCol++){
87027       if( mask==0xffffffff || mask&(1<<iCol) ){

pTab->nCol is 33, loop terminates with iCol == 32.

28874 static int unixShmSystemLock(
...
28908   mask = (1<<(ofst+n)) - (1<<ofst);

And here, ofst is 128.

Should be reported upstream if it still exists; part of this code can't be found anymore.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
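
The two shifts quoted in the report are undefined in C because the shift count reaches or exceeds the width of `int` (32 on this target). The sketch below is an added example, not code from the bug report or from SQLite, showing both computations with the count checked before the shift. The helper names, the 32-bit mask width, the policy of treating columns past bit 31 as "used", and the value `n = 1` are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not SQLite's code: test bit iCol of a 32-bit column
 * mask without ever shifting by the type width or more. */
static int col_in_mask(uint32_t mask, int iCol) {
    if (mask == 0xffffffffu) return 1;   /* all-ones: every column */
    if (iCol < 0) return 0;
    if (iCol >= 32) return 1;            /* assumption: unrepresentable column counts as used */
    return (mask & ((uint32_t)1 << iCol)) != 0;
}

/* Hypothetical helper: mask covering bits [ofst, ofst+n). Returns 0 and
 * stores the mask, or -1 when the range does not fit in 32 bits. */
static int range_mask(unsigned ofst, unsigned n, uint32_t *out) {
    if (n == 0 || ofst >= 32 || n > 32 - ofst) return -1;
    /* ofst + n <= 32 here, so both shifts are in range for a 64-bit operand. */
    uint64_t hi = (uint64_t)1 << (ofst + n);
    uint64_t lo = (uint64_t)1 << ofst;
    *out = (uint32_t)(hi - lo);
    return 0;
}

int main(void) {
    uint32_t m = 0;
    /* iCol == 32 and ofst == 128 come from the report; n == 1 is constructed. */
    printf("col 32 in mask 0x1: %d\n", col_in_mask(0x1u, 32));
    printf("range_mask(128, 1): %d\n", range_mask(128, 1, &m));
    if (range_mask(3, 2, &m) == 0) printf("range_mask(3, 2): 0x%x\n", (unsigned)m);
    return 0;
}
```

Building with `-fsanitize=shift` (the successor to the `-fcatch-undefined-behavior` flag used in the report) flags any remaining out-of-range shift at run time.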