-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
poly_r.c: fix crash when building with -ftrapv on 32 bit builds #109
base: master
Are you sure you want to change the base?
Conversation
This is a upstreaming from GDAL's internal libqhull copy: OSGeo/gdal@3c2f7d2
This doesn't seem right — I think for hashing you actually want the 2s-complement wraparound behavior? It seems like a better fix would be to define a |
ptr_intT is a Qhull typedef defined in mem_r.h Please submit a new pull request to change ptr_intT to intptr_t for C99+ compilers. Is another 'include' required for intptr_t? typedef intptr_t ptr_intT; Otherwise keep the current definition. It is #if (defined(MINGW64)) && defined(_WIN64) Note that Steven suggested 'uintptr_t' instead of 'intptr_t'. It would be a better choice for 'gethash' in poly_r.h, but it would require another critical typedef and a rewrite of gethash. The code is admittedly odd. I'll add a review for a later release of Qhull. Perhaps int_ptrT should be changed to uint_ptrT everywhere. |
I don't think changing to intptr_t would solve the issue on 32 bit builds, since it is still a signed type and the overflow on addition would still occur. The temporary cast to long long allows arithmetics to be done on 64 bits before the truncation (which is also probably undefined behaviour formally too, but -ftrapv and -fsanitize=undefined don't catch this). Which underlies that if there was a 64 bit architecture using the full width of 64 bits for address, we could have issues there too, but the x64 convention is limited to 48 bits, so it doesn't happen here. |
Postponing this request to a reorg of Qhull for 64-bit code. A higher priority task is merge due to 'dupridge'. |
HardwareAddressSanitizer [1] tags the top-byte of the pointer, which often leads to signed integer overflow in that hashing function. Changing qh_gethash to temporarily cast to unsigned long long:
fixes the issue, while keeping the change localized (the type of ptr_intT isn't changed elsewhere), thus ensuring it won't adversely affect the rest of the code. [1] https://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html |
thurstond - good argument. Can you create the corresponding patch?
The only other use of ptr_intT is qh_pointid in poly_r.c and poly.c.. This use looks OK. Agreed? |
This is a upstreaming from GDAL's internal libqhull copy:
OSGeo/gdal@3c2f7d2