| [ Return to Bugs & Features | Roadmap 1.3 | SVN ⇄ GIT ]
STR #3280
Application: | FLTK Library |
Status: | 1 - Closed w/Resolution |
Priority: | 2 - Low, e.g. a documentation error or undocumented side-effect |
Scope: | 3 - Applies to all machines and operating systems |
Subsystem: | Core Library |
Summary: | Integer overflow in Fl_Valuator::precision(). |
Version: | 1.3.3 |
Created By: | mikesart |
Assigned To: | AlbrechtS |
Fix Version: | 1.3.4 (SVN: v11315) |
Update Notification: | |
Trouble Report Files:
No files
Trouble Report Comments:
|
#1 | mikesart 10:43 Jan 28, 2016 |
| From Fl_Table.cxx:
vscrollbar->precision(10);
Which calls this function:
Fl_Valuator::precision(int p) { A = 1.0; for (B = 1; p--;) B *= 10; }
However 10^10 is 10,000,000,000, which is larger than MAX_INT, so we're getting a signed overflow. On my 64-bit Linux box, it's overflowing to 1,410,065,408 currently, but calling precision(12) would give me -727,379,968.
I think adding a clamp for p to 9 is probably the best fix?
Fl_Valuator::precision(int p) { if ( p > 9 ) p = 9; A = 1.0; for (B = 1; p--;) B *= 10; }
Thanks much. | |
|
#2 | AlbrechtS 05:57 Mar 08, 2016 |
| Fixed in Subversion repository.
Thanks for the report and the patch.
The fix is in r11315, additional documentation updates in r11316.
Note: I also clamped negative values (effective range now 0..9), because that would have generated an (almost) endless loop.
Closing this STR now. | |
|
#3 | AlbrechtS 06:00 Mar 08, 2016 |
| Additional note: equivalent commits in branch-1.3-porting are in r11317 and 11318, resp. | |
[ Return to Bugs & Features ]
|
| |