runtime error: left shift of 1 by 31 places cannot be represented in type 'int' (dump.c:581:52) #16117

Closed
p5pRT opened this issue Aug 16, 2017 · 4 comments


p5pRT commented Aug 16, 2017

Migrated from rt.perl.org#131912 (status was 'resolved')

Searchable as RT131912$


p5pRT commented Aug 16, 2017

From @geeknik

While fuzzing v5.27.2-135-g7aaa36b196*, undefined-behavior was triggered in
the form of a 'left shift of 1 by 31 places' in dump.c.

./perl -DB -e "/0\l0@0@0-@0@@0@@0@@0@@0@0@@0@@0@@0@@0@@0@'0/"

*SNIP*

dump.c:581:52: runtime error: left shift of 1 by 31 places cannot be
represented in type 'int'
  #0 0xc86d96 in S_opdump_indent /root/perl5/dump.c:581:52
  #1 0xc1b6a1 in S_do_op_dump_bar /root/perl5/dump.c:986:5
  #2 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #3 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #4 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #5 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #6 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #7 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #8 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #9 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #10 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #11 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #12 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #13 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #14 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #15 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #16 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #17 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #18 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #19 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #20 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #21 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #22 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #23 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #24 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #25 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #26 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #27 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #28 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #29 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #30 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #31 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #32 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #33 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
  #34 0xc1252c in Perl_do_op_dump /root/perl5/dump.c:1278:5
  #35 0xc1252c in Perl_op_dump /root/perl5/dump.c:1294
  #36 0xc1252c in Perl_dump_all_perl /root/perl5/dump.c:640
  #37 0x6c8487 in S_run_body /root/perl5/perl.c:2527:6
  #38 0x6c8487 in perl_run /root/perl5/perl.c:2484
  #39 0x5251dc in main /root/perl5/perlmain.c:123:9
  #40 0x7ff3a1cb34d9 in __libc_start_main (/lib64/libc.so.6+0x204d9)
  #41 0x4359d9 in _start (/root/perl5/perl+0x4359d9)

SUMMARY: AddressSanitizer: undefined-behavior dump.c:581:52


p5pRT commented Aug 17, 2017

From @iabyn

On Wed, Aug 16, 2017 at 11:19:22AM -0700, Brian Carpenter wrote:

> # New Ticket Created by Brian Carpenter
> # Please include the string: [perl #131912]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt-archive.perl.org/perl5/Ticket/Display.html?id=131912 >
>
> While fuzzing v5.27.2-135-g7aaa36b196*, undefined-behavior was triggered in
> the form of a 'left shift of 1 by 31 places' in dump.c.
>
> ./perl -DB -e "/0\l0@0@0-@0@@0@@0@@0@@0@0@@0@@0@@0@@0@@0@'0/"
>
> *SNIP*
>
> dump.c:581:52: runtime error: left shift of 1 by 31 places cannot be
> represented in type 'int'
> #0 0xc86d96 in S_opdump_indent /root/perl5/dump.c:581:52

It's kind of intended behaviour. It's the mechanism for adding vertical
bars when dumping ops, e.g.:

11 +--add BINOP(0x26fbbf0) ===> 1 [leave 0x26fa600]
  TARG = 5
  FLAGS = (VOID,KIDS,SLABBED)
  PRIVATE = (0x2)
  |
12 +--add BINOP(0x26fbc70) ===> 13 [padsv 0x26fbc38]
  | TARG = 4
  | FLAGS = (SCALAR,KIDS,PARENS,SLABBED,MORESIB)
  | PRIVATE = (0x2)
  | |
10 | +--padsv OP(0x26fbcf0) ===> 14 [padsv 0x26fbcb8]
  | | TARG = 1
  | | FLAGS = (SCALAR,SLABBED,MORESIB)
  | |
14 | +--padsv OP(0x26fbcb8) ===> 12 [add 0x26fbc70]
  | TARG = 2
  | FLAGS = (SCALAR,SLABBED)
  |
13 +--padsv OP(0x26fbc38) ===> 11 [add 0x26fbbf0]
  TARG = 3
  FLAGS = (SCALAR,SLABBED)

The code uses the bits in an int to indicate which columns in the leading
indentation get a vertical bar. When the indentation gets too great, it
doesn't bother with the left-most bars. However, the code could be
tweaked to make clang happy, which is what I've just pushed as
v5.27.2-142-gf649c62.

--
The Enterprise is involved in a bizarre time-warp experience which is in
some way unconnected with the Late 20th Century.
  -- Things That Never Happen in "Star Trek" #14
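
The column-bitmask scheme described in the comment above, as an added C sketch that is not perl's dump.c and not the pushed commit: it keeps the mask in an unsigned type and bounds every shift count, so deep nesting drops the left-most bars without a signed overflow. The names `barmask`, `bar_push`, `bar_at` and `render_indent`, the 32-bit mask width and the two-character column are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not perl's dump.c. */
typedef uint32_t barmask;            /* one bit per indentation column */
#define BAR_BITS 32u

/* Descend one level: bit 0 describes the new innermost column. Shifting an
 * unsigned value discards the top (left-most) bit with defined behaviour,
 * whereas the int expression `1 << 31` overflows and is undefined. */
static barmask bar_push(barmask bars, int more_siblings)
{
    return (barmask)(bars << 1) | (more_siblings ? 1u : 0u);
}

/* Is a bar drawn `up` levels above the current op? Columns the mask can no
 * longer represent are reported as "no bar" instead of shifting by >= width. */
static int bar_at(barmask bars, unsigned up)
{
    return up < BAR_BITS && ((bars >> up) & 1u);
}

/* Write `level` two-character columns ("| " or "  ") into buf. */
static size_t render_indent(char *buf, size_t cap, barmask bars, unsigned level)
{
    size_t n = 0;
    if (cap == 0)
        return 0;
    for (unsigned up = level; up-- > 0 && n + 2 < cap; ) {
        buf[n++] = bar_at(bars, up) ? '|' : ' ';
        buf[n++] = ' ';
    }
    buf[n] = '\0';
    return n;
}

int main(void)
{
    char buf[128];
    barmask bars = 0;
    for (int depth = 0; depth < 40; depth++)   /* constructed: 40 nested ops */
        bars = bar_push(bars, 1);
    render_indent(buf, sizeof buf, bars, 40);
    printf("[%s]\n", buf);
    return 0;
}
```

Building this with `-fsanitize=undefined` and swapping the unsigned operations for `1 << up` on an `int` is a quick way to confirm that the sanitizer report comes from the signed shift alone.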


p5pRT commented Aug 17, 2017

The RT System itself - Status changed from 'new' to 'open'

@p5pRT p5pRT closed this as completed Sep 11, 2017

p5pRT commented Sep 11, 2017

@iabyn - Status changed from 'open' to 'resolved'
