| | [ Return to Bugs & Features | Roadmap 1.3 | SVN ⇄ GIT ]
STR #3280
| Application: | FLTK Library |
|---|
| Status: | 1 - Closed w/Resolution |
|---|
| Priority: | 2 - Low, e.g. a documentation error or undocumented side-effect |
|---|
| Scope: | 3 - Applies to all machines and operating systems |
|---|
| Subsystem: | Core Library |
|---|
| Summary: | Integer overflow in Fl_Valuator::precision(). |
|---|
| Version: | 1.3.3 |
|---|
| Created By: | mikesart |
|---|
| Assigned To: | AlbrechtS |
|---|
| Fix Version: | 1.3.4 (SVN: v11315) |
|---|
| Update Notification: | |
|---|
Trouble Report Files:
No files
Trouble Report Comments:
| |
| #1 | mikesart
10:43 Jan 28, 2016 |
| From Fl_Table.cxx:
vscrollbar->precision(10);
Which calls this function:
Fl_Valuator::precision(int p) {
A = 1.0;
for (B = 1; p--;) B *= 10;
}
However 10^10 is 10,000,000,000, which is larger than MAX_INT, so we're getting a signed overflow. On my 64-bit Linux box, it's overflowing to 1,410,065,408 currently, but calling precision(12) would give me -727,379,968.
I think adding a clamp for p to 9 is probably the best fix?
Fl_Valuator::precision(int p) {
if ( p > 9 ) p = 9;
A = 1.0;
for (B = 1; p--;) B *= 10;
}
Thanks much. | |
| |
| #2 | AlbrechtS
05:57 Mar 08, 2016 |
| Fixed in Subversion repository.
Thanks for the report and the patch.
The fix is in r11315, additional documentation updates in r11316.
Note: I also clamped negative values (effective range now 0..9), because that would have generated an (almost) endless loop.
Closing this STR now. | |
| |
| #3 | AlbrechtS
06:00 Mar 08, 2016 |
| Additional note: equivalent commits in branch-1.3-porting are in r11317 and 11318, resp. | |
[ Return to Bugs & Features ]
|
| |
