Undefined behavior caused by out-of-range shift in unixShmSystemLock and sqlite3GenerateRowDelete

Status: RESOLVED INACTIVE (reported 6 years ago; resolved 7 months ago)

People

(Reporter: kinetik, Unassigned)

Tracking

(Blocks: 1 bug)

Version: Trunk
Platform: x86_64 Linux

Description (kinetik, Reporter), 6 years ago
Building mozilla-central with Clang 3.2 on x86_64 with -fcatch-undefined-behavior results in a binary that crashes in unixShmSystemLock and sqlite3GenerateRowDelete due to out-of-range left shifts:

SQLITE_PRIVATE void sqlite3GenerateRowDelete(
...
  for(iCol=0; iCol<pTab->nCol; iCol++){
    if( mask==0xffffffff || mask&(1<<iCol) ){

pTab->nCol is 33, loop terminates with iCol == 32.

static int unixShmSystemLock(
...
  mask = (1<<(ofst+n)) - (1<<ofst);

And here, ofst is 128.
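Both crashes are the same bug class: `1<<k` on a (32-bit) `int` is undefined once `k` reaches the width of `int`, and the sanitizer (spelled `-fcatch-undefined-behavior` in Clang 3.2, `-fsanitize=undefined` in later Clang) traps on it. The following is an added example, not SQLite's or Mozilla's code, that reproduces the two shift patterns from the report with explicit range checks and a 64-bit mask so the inputs the reporter saw (iCol == 32, ofst == 128) are rejected instead of shifted. The function names `shift_amount_ok`, `column_selected`, `count_selected_columns` and `lock_range_mask` are mine, and the assumption that `int` is 32 bits wide matches the x86_64 Linux build in the report.

```c
/* Added example (not SQLite code): the out-of-range shift patterns from the
 * report, with the bounds checks that keep them defined. */
#include <stdint.h>
#include <stdbool.h>
#include <limits.h>
#include <stdio.h>

/* Width of int in bits; 32 on the x86_64 Linux build in the report. */
#define INT_WIDTH_BITS ((int)(sizeof(int) * CHAR_BIT))

/* `1 << amt` on a signed int is undefined when amt < 0 or amt >= width of
 * int, and also when the result overflows (1 << 31 on a 32-bit int). */
bool shift_amount_ok(int amt) {
    return amt >= 0 && amt < INT_WIDTH_BITS - 1;
}

/* Hardened form of the column test in sqlite3GenerateRowDelete.  A 32-bit
 * mask can only describe columns 0..31; 0xffffffff is the "all columns"
 * sentinel.  For iCol >= 32 the original `mask & (1<<iCol)` is undefined;
 * here such columns are reported as not selected unless the sentinel says
 * "all".  The shift is done on an unsigned 32-bit value. */
bool column_selected(uint32_t mask, int iCol) {
    if (mask == 0xffffffffu) return true;
    if (iCol < 0 || iCol >= 32) return false;
    return (mask & (UINT32_C(1) << iCol)) != 0;
}

/* The loop from the report (pTab->nCol == 33 in the crash), over the
 * hardened test: returns how many columns are selected. */
int count_selected_columns(uint32_t mask, int nCol) {
    int count = 0;
    for (int iCol = 0; iCol < nCol; iCol++) {
        if (column_selected(mask, iCol)) count++;
    }
    return count;
}

/* Hardened form of the byte-range mask in unixShmSystemLock: bits
 * ofst .. ofst+n-1 set, computed in 64-bit unsigned arithmetic.  Returns
 * false instead of shifting out of range (ofst == 128 in the report).
 * For in-range inputs *out equals (1<<(ofst+n)) - (1<<ofst). */
bool lock_range_mask(int ofst, int n, uint64_t *out) {
    if (ofst < 0 || n <= 0 || ofst + n > 64) return false;
    uint64_t hi = (ofst + n == 64) ? UINT64_MAX
                                   : (UINT64_C(1) << (ofst + n)) - 1;
    uint64_t lo = (UINT64_C(1) << ofst) - 1;   /* ofst < 64 here */
    *out = hi & ~lo;
    return true;
}

int main(void) {
    uint64_t m;
    printf("1<<32 on int ok? %s\n", shift_amount_ok(32) ? "yes" : "no");
    printf("1<<128 on int ok? %s\n", shift_amount_ok(128) ? "yes" : "no");
    printf("columns selected (mask 0xffffffff, nCol 33): %d\n",
           count_selected_columns(0xffffffffu, 33));
    printf("lock mask ofst=128 n=1 accepted? %s\n",
           lock_range_mask(128, 1, &m) ? "yes" : "no");
    if (lock_range_mask(2, 3, &m)) printf("lock mask ofst=2 n=3: 0x%llx\n",
                                          (unsigned long long)m);
    return 0;
}
```

Compiling this with `-fsanitize=undefined` is a quick way to confirm that none of the shifts above trip the sanitizer for the report's inputs, whereas the original `1<<iCol` with iCol == 32 and `1<<(ofst+n)` with ofst == 128 do.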
Should be reported upstream if it still exists; part of this code can't be found anymore.
Status: NEW → RESOLVED
Last Resolved: 7 months ago
Resolution: --- → INACTIVE