From 30ccc6284ad283bae86dfdd8c0e77d65f3d6a4f9 Mon Sep 17 00:00:00 2001 From: Alberto Donizetti Date: Wed, 22 Aug 2018 14:01:22 +0200 Subject: [release-branch.go1.10] cmd/compile: prevent overflow in walkinrange MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the compiler frontend, walkinrange indiscriminately calls Int64() on const CTINT nodes, even though Int64's return value is undefined for anything over 2⁶³ (in practise, it'll return a negative number). This causes the introduction of bad constants during rewrites of unsigned expressions, which make the compiler reject valid Go programs. This change introduces a preliminary check that Int64() is safe to call on the consts on hand. If it isn't, walkinrange exits without doing any rewrite. Fixes #27247 Change-Id: I2017073cae65468a521ff3262d4ea8ab0d7098d9 Reviewed-on: https://go-review.googlesource.com/130735 Run-TryBot: Josh Bleecher Snyder TryBot-Result: Gobot Gobot Reviewed-by: Josh Bleecher Snyder (cherry picked from commit 42cc4ca30a7729a4c6d1bb0bbbc3e4a736ef91c8) Reviewed-on: https://go-review.googlesource.com/c/131595 Run-TryBot: Dmitri Shuralyov Reviewed-by: Dmitri Shuralyov --- src/cmd/compile/internal/gc/const.go | 11 +++++++++++ src/cmd/compile/internal/gc/walk.go | 6 ++++++ test/fixedbugs/issue27143.go | 17 +++++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 test/fixedbugs/issue27143.go diff --git a/src/cmd/compile/internal/gc/const.go b/src/cmd/compile/internal/gc/const.go index dcc16b6dec..32af1fb3fa 100644 --- a/src/cmd/compile/internal/gc/const.go +++ b/src/cmd/compile/internal/gc/const.go @@ -122,6 +122,17 @@ func (n *Node) Int64() int64 { return n.Val().U.(*Mpint).Int64() } +// CanInt64 reports whether it is safe to call Int64() on n. +func (n *Node) CanInt64() bool { + if !Isconst(n, CTINT) { + return false + } + + // if the value inside n cannot be represented as an int64, the + // return value of Int64 is undefined + return n.Val().U.(*Mpint).CmpInt64(n.Int64()) == 0 +} + // Bool returns n as a bool. // n must be a boolean constant. func (n *Node) Bool() bool { diff --git a/src/cmd/compile/internal/gc/walk.go b/src/cmd/compile/internal/gc/walk.go index ca3025bbaa..79134067c6 100644 --- a/src/cmd/compile/internal/gc/walk.go +++ b/src/cmd/compile/internal/gc/walk.go @@ -3561,6 +3561,12 @@ func walkinrange(n *Node, init *Nodes) *Node { return n } + // Ensure that Int64() does not overflow on a and c (it'll happen + // for any const above 2**63; see issue #27143). + if !a.CanInt64() || !c.CanInt64() { + return n + } + if opl == OLT { // We have a < b && ... // We need a ≤ b && ... to safely use unsigned comparison tricks. diff --git a/test/fixedbugs/issue27143.go b/test/fixedbugs/issue27143.go new file mode 100644 index 0000000000..009ec9f6c2 --- /dev/null +++ b/test/fixedbugs/issue27143.go @@ -0,0 +1,17 @@ +// compile + +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Issue 27143: cmd/compile: erroneous application of walkinrange +// optimization for const over 2**63 + +package p + +var c uint64 + +var b1 bool = 0x7fffffffffffffff < c && c < 0x8000000000000000 +var b2 bool = c < 0x8000000000000000 && 0x7fffffffffffffff < c +var b3 bool = 0x8000000000000000 < c && c < 0x8000000000000001 +var b4 bool = c < 0x8000000000000001 && 0x8000000000000000 < c -- cgit v1.2.3-54-g00ecf