[Vm-dev] [OpenSmalltalk/opensmalltalk-vm] BitBlt Segmentation Fault with Magic (2^31) value (#447)
Nicolas Cellier
notifications at github.com
Thu Nov 21 22:08:08 UTC 2019
The signed integer overflow reported by -fsanitize is not related, what is related is the assert warning:
```
(((usqInt)destIndex)) < endOfDestination 2226
Process 77080 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xffffffff0d50d768)
frame #0: 0x000000010048bc51 Squeak`copyLoopNoSource at BitBltPlugin.c:2227:14
2224 }
2225 destMask = mask1;
2226 assert((((usqInt)destIndex)) < endOfDestination);
-> 2227 destWord = long32At(destIndex);
2228 mergeWord = mergeFnwith(halftoneWord, destWord);
2229 destWord = (destMask & mergeWord) | (destWord & ((unsigned int)~destMask));
2230 long32Atput(destIndex, destWord);
Target 0: (Squeak) stopped.
```
```
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xffffffff0d50d768)
* frame #0: 0x000000010048bc51 Squeak`copyLoopNoSource at BitBltPlugin.c:2227:14
frame #1: 0x0000000100481b71 Squeak`copyBitsLockedAndClipped at BitBltPlugin.c:1505:3
frame #2: 0x000000010047b6e6 Squeak`copyBits at BitBltPlugin.c:1257:2
frame #3: 0x000000010047ba23 Squeak`primitiveCopyBits at BitBltPlugin.c:5128:2
frame #4: 0x0000000108a01670
frame #5: 0x0000000100001a65 Squeak`interpret at gcc3x-cointerp.c:2772:3
frame #6: 0x00000001003abd87 Squeak`-[sqSqueakMainApplication runSqueak](self=0x0000000101867010, _cmd="runSqueak") at sqSqueakMainApplication.m:201:2
(lldb) p/x destIndex
(usqInt) $8 = 0xffffffff0d50d768
(lldb) p/x endOfDestination
(usqInt) $9 = 0x000000010d741768
(lldb) p/x destX
(sqInt) $32 = 0x0000000080000000
(lldb) p/x dx
(int) $36 = 0x80000000
(lldb) print dx
(int) $34 = -2147483648
```
`destX` is 2^31; since it is on 64 bits (signed), there is no overflow at this stage.
The overflow is on `dx`, which is an `int`.
It seems that `-fsanitize=undefined` does not signal the case of overflow unsigned->signed, because it is not UB...
One solution is to change the type of dx and dy to sqInt.
Then, with 64 bits, it might still be possible to craft a value that will overflow, this will have to be reviewed...
Reply to this email directly or view it on GitHub:
https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/447#issuecomment-557294695
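An added example (not code from the VM or from this report) modelling the narrowing the comment describes: a 64-bit `sqInt` coordinate of 2^31 stored into a 32-bit `int` wraps to a negative value, which then feeds the destination index. The `sqInt`/`usqInt` names follow the VM's convention; the bitmap dimensions and helper names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <limits.h>
#include <stdio.h>

/* Constructed types mirroring the VM's naming (not the VM's headers). */
typedef int64_t  sqInt;
typedef uint64_t usqInt;

/* Constructed destination bitmap geometry, in 32-bit words. */
#define DEST_WORDS_PER_ROW 64
#define DEST_ROWS 64

/* Buggy shape: the coordinate is narrowed to int, as dx was in the report.
 * For destX == 2^31 the out-of-range conversion is implementation-defined
 * in C, not undefined, so -fsanitize=undefined stays silent; on common
 * compilers the value wraps to INT_MIN. */
sqInt narrowed_dx(sqInt destX) {
    int dx = (int)destX;      /* the narrowing the report identifies */
    return dx;
}

/* Fixed shape proposed in the report: keep dx in sqInt, no narrowing. */
sqInt widened_dx(sqInt destX) {
    sqInt dx = destX;
    return dx;
}

/* Bounds check a copy loop should make before dereferencing destIndex:
 * reject negative offsets (the wrapped case) and offsets at or past
 * endOfDestination (the genuinely out-of-range case) instead of reading. */
bool dest_index_in_bounds(sqInt dx, sqInt dy) {
    if (dx < 0 || dy < 0) return false;
    if (dx >= DEST_WORDS_PER_ROW || dy >= DEST_ROWS) return false;
    usqInt destIndex = (usqInt)dy * DEST_WORDS_PER_ROW + (usqInt)dx;
    usqInt endOfDestination = (usqInt)DEST_ROWS * DEST_WORDS_PER_ROW;
    return destIndex < endOfDestination;
}

int main(void) {
    sqInt destX = (sqInt)1 << 31;   /* the "magic" 2^31 value from the issue */
    printf("narrowed dx = %lld\n", (long long)narrowed_dx(destX));
    printf("widened  dx = %lld\n", (long long)widened_dx(destX));
    printf("in bounds (narrowed) = %d\n", dest_index_in_bounds(narrowed_dx(destX), 0));
    printf("in bounds (widened)  = %d\n", dest_index_in_bounds(widened_dx(destX), 0));
    return 0;
}
```

Clang's `-fsanitize=implicit-conversion` group (separate from `undefined`) does report this kind of lossy integer truncation at run time.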