151246 – signed integer overflow bug in dev-lang/python-2.4.3

Bug 151246 - signed integer overflow bug in dev-lang/python-2.4.3

Summary: signed integer overflow bug in dev-lang/python-2.4.3

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Python Gentoo Team

URL:
Whiteboard:
Keywords:

Duplicates (1):	148568 (view as bug list)
Depends on:
Blocks:	gcc-4.2
	Show dependency tree

Reported:	2006-10-13 17:36 UTC by Ryan Hill (RETIRED)
Modified:	2007-07-17 14:46 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
python-2.4.3-gcc42.patch (python-2.4.3-gcc42.patch,496 bytes, patch) 2006-10-13 17:38 UTC, Ryan Hill (RETIRED)	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryan Hill (RETIRED) gentoo-dev

2006-10-13 17:36:14 UTC

Python 2.4.3 (and most likely previous versions) has a bug regarding signed integer overflows that is exposed when built with the current trunk of GCC (4.2).  Detailed info can be found at [1].  The short version:

> Michael Veklser wrote:
>
> It *is* a bug in python, here is the proof:
> https://codespeak.net/viewvc/vendor/cpython/Python-r243/dist/src/Objects/intobject.c?revision=25647&view=markup
> Function
>
> *    i_divmod*(*register* *long* x, *register* *long* y,
>
> the following lines:
>
> /        /* (-sys.maxint-1)/-1 is the only overflow case. *//
>     *if* (y == -1 && x < 0 && x == -x)
>         *return* DIVMOD_OVERFLOW;
>
> If overflow is barred then x==-x may happen only when x==0.
> This conflicts with x<0, which means that the compiler may assume
> that
>     x<0 && x==-x
> always yields false. This may allow the compiler to eliminate the whole if
> statement. Hence, clearly python is at fault.


This bug causes the testsuite to fail in test_builtin:

  test_builtin
  make: *** [test] Floating point exception
  LD_LIBRARY_PATH=/var/tmp/portage/python-2.4.3-r4/work/Python-2.4.3: ./python -E -tt ./Lib/test/regrtest.py -l -w
  test_grammar
  test_opcodes
  test_operations
  test_builtin
  make: *** [test] Floating point exception


It should be reproducible with:

  dirtyepic@tycho ~ $ python
  Python 2.4.3 (#1, Oct 11 2006, 19:20:54)
  [GCC 4.2.0-pre20061006  (experimental) (rev. 117527)] on linux2
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import sys
  >>> divmod(-sys.maxint-1, -1)
  Floating point exception


The attached patch fixes the testsuite and example.

  dirtyepic@tycho ~ $ python
  Python 2.4.3 (#1, Oct 11 2006, 20:00:37)
  [GCC 4.2.0-pre20061006  (experimental) (rev. 117527)] on linux2
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import sys
  >>> divmod(-sys.maxint-1, -1)
  (2147483648L, 0L)
  >>> (sys.maxint+1, 0)
  (2147483648L, 0)
  >>> divmod(-sys.maxint-1, -1) == (sys.maxint+1, 0)
  True

Like I said, this bug is also present in previous python versions, but considering it doesn't really show up unless GCC 4.2 is used, fixing those versions might not be worth it.  I haven't checked 2.5-r1.


[1] http://thread.gmane.org/gmane.comp.gcc.devel/80582/focus=81424

Comment 1 Ryan Hill (RETIRED) gentoo-dev

2006-10-13 17:38:49 UTC

Created attachment 99611 [details, diff]
python-2.4.3-gcc42.patch

Comment 2 Ryan Hill (RETIRED) gentoo-dev

2007-01-14 00:08:52 UTC

*** Bug 148568 has been marked as a duplicate of this bug. ***

Comment 3 Bryan Østergaard (RETIRED) gentoo-dev

2007-05-07 07:54:04 UTC

Looks like this is fixed in 2.4.4.