From 42cc4ca30a7729a4c6d1bb0bbbc3e4a736ef91c8 Mon Sep 17 00:00:00 2001 From: Alberto Donizetti Date: Wed, 22 Aug 2018 14:01:22 +0200 Subject: cmd/compile: prevent overflow in walkinrange MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the compiler frontend, walkinrange indiscriminately calls Int64() on const CTINT nodes, even though Int64's return value is undefined for anything over 2⁶³ (in practise, it'll return a negative number). This causes the introduction of bad constants during rewrites of unsigned expressions, which make the compiler reject valid Go programs. This change introduces a preliminary check that Int64() is safe to call on the consts on hand. If it isn't, walkinrange exits without doing any rewrite. Fixes #27143 Change-Id: I2017073cae65468a521ff3262d4ea8ab0d7098d9 Reviewed-on: https://go-review.googlesource.com/130735 Run-TryBot: Josh Bleecher Snyder TryBot-Result: Gobot Gobot Reviewed-by: Josh Bleecher Snyder --- src/cmd/compile/internal/gc/const.go | 11 +++++++++++ src/cmd/compile/internal/gc/walk.go | 6 ++++++ 2 files changed, 17 insertions(+) (limited to 'src') diff --git a/src/cmd/compile/internal/gc/const.go b/src/cmd/compile/internal/gc/const.go index ceb124e31e..1403a2be11 100644 --- a/src/cmd/compile/internal/gc/const.go +++ b/src/cmd/compile/internal/gc/const.go @@ -121,6 +121,17 @@ func (n *Node) Int64() int64 { return n.Val().U.(*Mpint).Int64() } +// CanInt64 reports whether it is safe to call Int64() on n. +func (n *Node) CanInt64() bool { + if !Isconst(n, CTINT) { + return false + } + + // if the value inside n cannot be represented as an int64, the + // return value of Int64 is undefined + return n.Val().U.(*Mpint).CmpInt64(n.Int64()) == 0 +} + // Bool returns n as a bool. // n must be a boolean constant. func (n *Node) Bool() bool { diff --git a/src/cmd/compile/internal/gc/walk.go b/src/cmd/compile/internal/gc/walk.go index bd936fb70a..2993e08fc2 100644 --- a/src/cmd/compile/internal/gc/walk.go +++ b/src/cmd/compile/internal/gc/walk.go @@ -3694,6 +3694,12 @@ func walkinrange(n *Node, init *Nodes) *Node { return n } + // Ensure that Int64() does not overflow on a and c (it'll happen + // for any const above 2**63; see issue #27143). + if !a.CanInt64() || !c.CanInt64() { + return n + } + if opl == OLT { // We have a < b && ... // We need a ≤ b && ... to safely use unsigned comparison tricks. -- cgit v1.3