Re: BUG #5590: undefined shift behavior

Hi Tom,

One of my students has hacked Clang to detect integer undefined
behaviors in C, like this shift problem or signed overflows. This was
the only problem that came up during a "make check" of a postgresql with
this checking turned on, which is pretty cool.

I'd expect to be able to find more problems if I could get hold of a
good fuzz tester for postgresql, or at least some much larger test
inputs. Are there any of these you folks would suggest that I use?

Thanks,

John

On 08/02/2010 09:06 AM, Tom Lane wrote:
> "John Regehr" <regehr(at)cs(dot)utah(dot)edu> writes:
>> Bug reference: 5590
>> Logged by: John Regehr
>> Email address: regehr(at)cs(dot)utah(dot)edu
>> PostgreSQL version: head 8/2/10
>> Operating system: OSX
>> Description: undefined shift behavior
>> Details:
>
>> During a "make check" the left-shift operator at tsquery_util.c 48:18 is
>> passed a negative right-hand argument a number of times.
>
> Hmm. valcrc is declared as signed int32, so depending on what your
> compiler thinks the semantics of % is, this clearly can potentially
> happen. I notice the same problem in makeTSQuerySign() in tsquery_op.c.
>
> The fix is presumably to cast the valcrc value to unsigned int before
> executing %. However, I'm a bit worried about whether this could change
> the results, and if it did whether that would invalidate any on-disk
> data structures. Oleg, Teodor, do either TSQuerySign or QTNode.sign
> ever get to disk?
>
> John: how did you detect this?
>
> regards, tom lane
>