[ python-Bugs-1545668 ] gcc trunk (4.2) exposes a signed integer overflows
Bugs item #1545668, was opened at 2006-08-23 23:14 Message generated for change (Comment added) made by tim_one You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1545668&group_id=5470 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Python Interpreter Core Group: Python 2.4 Status: Open Resolution: None Priority: 5 Submitted By: Jack Howarth (jwhowarth) >Assigned to: Nobody/Anonymous (nobody) Summary: gcc trunk (4.2) exposes a signed integer overflows Initial Comment: While building python 2.4.3 with the current gcc trunk (soon to be 4.2), I uncovered a signed integer overflows bug in Python with the help of one of the gcc developers. The bug I observed is documented in this gcc mailing list message... http://gcc.gnu.org/ml/gcc/2006-08/msg00436.html The gcc developer comments about its origin are in the messages... http://gcc.gnu.org/ml/gcc/2006-08/msg00434.html http://gcc.gnu.org/ml/gcc/2006-08/msg00442.html which in short says... It *is* a bug in python, here is the proof: https://codespeak.net/viewvc/vendor/cpython/Python-r243/dist/src/ Objects/intobject.c?revision=25647&view=markup Function * i_divmod*(*register* *long* x, *register* *long* y, the following lines: //* (-sys.maxint-1)/-1 is the only overflow case. *// *if* (y == -1 && x < 0 && x == -x) *return* DIVMOD_OVERFLOW; If overflow is barred then x==-x may happen only when x==0. This conflicts with x<0, which means that the compiler may assume that x<0 && x==-x always yields false. This may allow the compiler to eliminate the whole if statement. Hence, clearly python is at fault. -- >Comment By: Tim Peters (tim_one) Date: 2006-08-26 16:25 Message: Logged In: YES user_id=31435 Looks like the same deal as bug 1521947 (which was about similar code in PyOS_strtol()). -- Comment By: Jack Howarth (jwhowarth) Date: 2006-08-24 11:22 Message: Logged In: YES user_id=403009 Everyone involved in reviewing this patch should definitely read the following sequence of gcc mailing list messages which show the process by which this patch was arrived at... http://gcc.gnu.org/ml/gcc/2006-08/msg00434.html http://gcc.gnu.org/ml/gcc/2006-08/msg00436.html http://gcc.gnu.org/ml/gcc/2006-08/msg00437.html http://gcc.gnu.org/ml/gcc/2006-08/msg00443.html http://gcc.gnu.org/ml/gcc/2006-08/msg00446.html http://gcc.gnu.org/ml/gcc/2006-08/msg00447.html http://gcc.gnu.org/ml/gcc/2006-08/msg00449.html So we have had lots of gcc developer eyes on this problem and they all agree on the flaw and the fix as posted. It's unfortunate that I had to abuse their mailing list to get this addressed before python 2.5 gets released. -- Comment By: Neal Norwitz (nnorwitz) Date: 2006-08-24 11:00 Message: Logged In: YES user_id=33168 I grepped for ' == .*-[^1>]' and ' != .*-[^1>]' and didn't spot any other occurrences. -- Comment By: Sjoerd Mullender (sjoerd) Date: 2006-08-24 10:54 Message: Logged In: YES user_id=43607 Just a comment, I'm not claiming this bug. The test (x < 0 && x == -x) tests whether x is equal to the smallest negative number. If x is equal to -2147483648, then -x is also equal to -2147483648 due to overflow. What does this version of gcc do with this code when x = -2147483648? -- Comment By: Neal Norwitz (nnorwitz) Date: 2006-08-24 10:54 Message: Logged In: YES user_id=33168 Assigning to Tim, he likes these problems. :-) He recently fixed a similar problem in another piece of code. I'm going to try to grep and see if I can find more occurrences of this. -- Comment By: Jack Jansen (jackjansen) Date: 2006-08-24 10:37 Message: Logged In: YES user_id=45365 Hmm... intobject.c doesn't really have a "champion"... Neal, I'm assigning this to you purely on the ground that you're the last person to have edited this file. Feel free to pass on (but not back:-). -- Comment By: Jack Howarth (jwhowarth) Date: 2006-08-24 07:22 Message: Logged In: YES user_id=403009 The was a few other comments from the gcc developers on the proposed fix... http://gcc.gnu.org/ml/gcc/2006-08/msg00448.html http://gcc.gnu.org/ml/gcc/2006-08/msg00449.html ...so that since x is a long the more correct fix is... --- Python-2.4.3/Objects/intobject.c.org2006-08-24 07:06:51.0 -0400 +++ Python-2.4.3/Objects/intobject.c2006-08-24 07:08:06.0 -0400 @@ -479,7 +479,7 @@
[ python-Bugs-1545668 ] gcc trunk (4.2) exposes a signed integer overflows
Bugs item #1545668, was opened at 2006-08-23 23:14 Message generated for change (Comment added) made by tim_one You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1545668&group_id=5470 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Python Interpreter Core Group: Python 2.4 Status: Open Resolution: None >Priority: 8 Submitted By: Jack Howarth (jwhowarth) Assigned to: Nobody/Anonymous (nobody) Summary: gcc trunk (4.2) exposes a signed integer overflows Initial Comment: While building python 2.4.3 with the current gcc trunk (soon to be 4.2), I uncovered a signed integer overflows bug in Python with the help of one of the gcc developers. The bug I observed is documented in this gcc mailing list message... http://gcc.gnu.org/ml/gcc/2006-08/msg00436.html The gcc developer comments about its origin are in the messages... http://gcc.gnu.org/ml/gcc/2006-08/msg00434.html http://gcc.gnu.org/ml/gcc/2006-08/msg00442.html which in short says... It *is* a bug in python, here is the proof: https://codespeak.net/viewvc/vendor/cpython/Python-r243/dist/src/ Objects/intobject.c?revision=25647&view=markup Function * i_divmod*(*register* *long* x, *register* *long* y, the following lines: //* (-sys.maxint-1)/-1 is the only overflow case. *// *if* (y == -1 && x < 0 && x == -x) *return* DIVMOD_OVERFLOW; If overflow is barred then x==-x may happen only when x==0. This conflicts with x<0, which means that the compiler may assume that x<0 && x==-x always yields false. This may allow the compiler to eliminate the whole if statement. Hence, clearly python is at fault. -- >Comment By: Tim Peters (tim_one) Date: 2006-08-26 16:33 Message: Logged In: YES user_id=31435 Boosted priority to 8 since it was brought up on python-dev as a suggested 2.5 release-blocker. The patch in the first comment looks fine, if a release manager wants to apply it. Python 2.4 surely has the same "issue". -- Comment By: Tim Peters (tim_one) Date: 2006-08-26 16:25 Message: Logged In: YES user_id=31435 Looks like the same deal as bug 1521947 (which was about similar code in PyOS_strtol()). -- Comment By: Jack Howarth (jwhowarth) Date: 2006-08-24 11:22 Message: Logged In: YES user_id=403009 Everyone involved in reviewing this patch should definitely read the following sequence of gcc mailing list messages which show the process by which this patch was arrived at... http://gcc.gnu.org/ml/gcc/2006-08/msg00434.html http://gcc.gnu.org/ml/gcc/2006-08/msg00436.html http://gcc.gnu.org/ml/gcc/2006-08/msg00437.html http://gcc.gnu.org/ml/gcc/2006-08/msg00443.html http://gcc.gnu.org/ml/gcc/2006-08/msg00446.html http://gcc.gnu.org/ml/gcc/2006-08/msg00447.html http://gcc.gnu.org/ml/gcc/2006-08/msg00449.html So we have had lots of gcc developer eyes on this problem and they all agree on the flaw and the fix as posted. It's unfortunate that I had to abuse their mailing list to get this addressed before python 2.5 gets released. -- Comment By: Neal Norwitz (nnorwitz) Date: 2006-08-24 11:00 Message: Logged In: YES user_id=33168 I grepped for ' == .*-[^1>]' and ' != .*-[^1>]' and didn't spot any other occurrences. -- Comment By: Sjoerd Mullender (sjoerd) Date: 2006-08-24 10:54 Message: Logged In: YES user_id=43607 Just a comment, I'm not claiming this bug. The test (x < 0 && x == -x) tests whether x is equal to the smallest negative number. If x is equal to -2147483648, then -x is also equal to -2147483648 due to overflow. What does this version of gcc do with this code when x = -2147483648? -- Comment By: Neal Norwitz (nnorwitz) Date: 2006-08-24 10:54 Message: Logged In: YES user_id=33168 Assigning to Tim, he likes these problems. :-) He recently fixed a similar problem in another piece of code. I'm going to try to grep and see if I can find more occurrences of this. -- Comment By: Jack Jansen (jackjansen) Date: 2006-08-24 10:37 Message: Logged In: YES user_id=45365 Hmm... intobject.c doesn't really have a "champion"... Neal, I'm assigning this to you purely on the ground that you're the last person to have edited this file. Feel free to pass on (but not back:-). -- Comment By: Jack Howarth (jwhowarth) Date: 2006-08-24 07:22 Message: Logged In: YES user_id=403009 The was a few other co
[ python-Feature Requests-1547300 ] Wireless on Python
Feature Requests item #1547300, was opened at 2006-08-27 00:36 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=355470&aid=1547300&group_id=5470 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Python Library Group: Python 2.6 Status: Open Resolution: None Priority: 5 Submitted By: Ahmet Bişkinler (ahmetbiskinler) Assigned to: Nobody/Anonymous (nobody) Summary: Wireless on Python Initial Comment: It would be very nice if Python had a Wireless Module that works on all platforms. -- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=355470&aid=1547300&group_id=5470 ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[ python-Bugs-1545668 ] gcc trunk (4.2) exposes a signed integer overflows
Bugs item #1545668, was opened at 2006-08-24 04:14 Message generated for change (Comment added) made by dhopwood You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1545668&group_id=5470 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Python Interpreter Core Group: Python 2.4 Status: Open Resolution: None Priority: 8 Submitted By: Jack Howarth (jwhowarth) Assigned to: Nobody/Anonymous (nobody) Summary: gcc trunk (4.2) exposes a signed integer overflows Initial Comment: While building python 2.4.3 with the current gcc trunk (soon to be 4.2), I uncovered a signed integer overflows bug in Python with the help of one of the gcc developers. The bug I observed is documented in this gcc mailing list message... http://gcc.gnu.org/ml/gcc/2006-08/msg00436.html The gcc developer comments about its origin are in the messages... http://gcc.gnu.org/ml/gcc/2006-08/msg00434.html http://gcc.gnu.org/ml/gcc/2006-08/msg00442.html which in short says... It *is* a bug in python, here is the proof: https://codespeak.net/viewvc/vendor/cpython/Python-r243/dist/src/ Objects/intobject.c?revision=25647&view=markup Function * i_divmod*(*register* *long* x, *register* *long* y, the following lines: //* (-sys.maxint-1)/-1 is the only overflow case. *// *if* (y == -1 && x < 0 && x == -x) *return* DIVMOD_OVERFLOW; If overflow is barred then x==-x may happen only when x==0. This conflicts with x<0, which means that the compiler may assume that x<0 && x==-x always yields false. This may allow the compiler to eliminate the whole if statement. Hence, clearly python is at fault. -- Comment By: David Hopwood (dhopwood) Date: 2006-08-27 00:24 Message: Logged In: YES user_id=634468 The correct patch is the one that uses if (y == -1 && x < 0 && (unsigned long)x == -(unsigned long)x) The one that uses (unsigned int)x will break some 64-bit platforms where int != long. -- Comment By: Tim Peters (tim_one) Date: 2006-08-26 21:33 Message: Logged In: YES user_id=31435 Boosted priority to 8 since it was brought up on python-dev as a suggested 2.5 release-blocker. The patch in the first comment looks fine, if a release manager wants to apply it. Python 2.4 surely has the same "issue". -- Comment By: Tim Peters (tim_one) Date: 2006-08-26 21:25 Message: Logged In: YES user_id=31435 Looks like the same deal as bug 1521947 (which was about similar code in PyOS_strtol()). -- Comment By: Jack Howarth (jwhowarth) Date: 2006-08-24 16:22 Message: Logged In: YES user_id=403009 Everyone involved in reviewing this patch should definitely read the following sequence of gcc mailing list messages which show the process by which this patch was arrived at... http://gcc.gnu.org/ml/gcc/2006-08/msg00434.html http://gcc.gnu.org/ml/gcc/2006-08/msg00436.html http://gcc.gnu.org/ml/gcc/2006-08/msg00437.html http://gcc.gnu.org/ml/gcc/2006-08/msg00443.html http://gcc.gnu.org/ml/gcc/2006-08/msg00446.html http://gcc.gnu.org/ml/gcc/2006-08/msg00447.html http://gcc.gnu.org/ml/gcc/2006-08/msg00449.html So we have had lots of gcc developer eyes on this problem and they all agree on the flaw and the fix as posted. It's unfortunate that I had to abuse their mailing list to get this addressed before python 2.5 gets released. -- Comment By: Neal Norwitz (nnorwitz) Date: 2006-08-24 16:00 Message: Logged In: YES user_id=33168 I grepped for ' == .*-[^1>]' and ' != .*-[^1>]' and didn't spot any other occurrences. -- Comment By: Sjoerd Mullender (sjoerd) Date: 2006-08-24 15:54 Message: Logged In: YES user_id=43607 Just a comment, I'm not claiming this bug. The test (x < 0 && x == -x) tests whether x is equal to the smallest negative number. If x is equal to -2147483648, then -x is also equal to -2147483648 due to overflow. What does this version of gcc do with this code when x = -2147483648? -- Comment By: Neal Norwitz (nnorwitz) Date: 2006-08-24 15:54 Message: Logged In: YES user_id=33168 Assigning to Tim, he likes these problems. :-) He recently fixed a similar problem in another piece of code. I'm going to try to grep and see if I can find more occurrences of this. -- Comment By: Jack Jansen (jackjansen) Date: 2006-08-24 15:37 Message: Logged In: YES user_id=45365 Hmm... intobject.c doesn't really hav
