From dz@426.ch  Sun Jun 12 13:50:38 2005
Return-Path: <dz@426.ch>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 76C9916A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 12 Jun 2005 13:50:38 +0000 (GMT)
	(envelope-from dz@426.ch)
Received: from smtp4.netcologne.de (smtp4.netcologne.de [194.8.194.137])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2BFB343D1D
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 12 Jun 2005 13:50:37 +0000 (GMT)
	(envelope-from dz@426.ch)
Received: from trevize.426.ch (xdsl-81-173-169-181.netcologne.de [81.173.169.181])
	by smtp4.netcologne.de (Postfix) with ESMTP id 7BF21DA5A7
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 12 Jun 2005 15:50:36 +0200 (CEST)
Received: by trevize.a.426.ch (Postfix, from userid 1000)
	id 07AB6678E7; Sun, 12 Jun 2005 15:50:41 +0200 (CEST)
Message-Id: <20050612135041.07AB6678E7@trevize.a.426.ch>
Date: Sun, 12 Jun 2005 15:50:41 +0200 (CEST)
From: Derik van Zuetphen <dz@426.ch>
To: FreeBSD-gnats-submit@freebsd.org
Subject: m4's eval does not handle INT_MIN correctly
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         82161
>Category:       bin
>Synopsis:       [patch] m4(1) eval does not handle INT_MIN correctly
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bapt
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 12 14:00:34 GMT 2005
>Closed-Date:    Sat Jan 21 21:17:18 UTC 2012
>Last-Modified:  Sat Jan 21 21:17:18 UTC 2012
>Originator:     Derik van Zuetphen
>Release:        FreeBSD 5.4-RELEASE-p1 i386
>Organization:
>Environment:
System: FreeBSD trevize.a.426.ch 5.4-RELEASE-p1 FreeBSD 5.4-RELEASE-p1 #15: Mon May 30 14:32:58 CEST 2005 root@trevize.a.426.ch:/usr/obj/usr/src/sys/TREVIZE i386

>Description:

	When eval sees a negative number it first parses the positive part 
	and then negates it. Thus eval(-0x80000000) becomes
	eval(0x80000000) negated. unfortunately 0x80000000 equals 
	INT_MAX+1 any yields an unnoticed overflow.


>How-To-Repeat:
% echo "eval(-0x80000000)" | /usr/bin/m4
-(


After the patch:

% echo "eval(-0x80000000)" | ./m4       
m4: bad constant in expr -0x80000000.
0

>Fix:


diff -ruN --exclude=CVS current/expr.c my/expr.c
--- current/expr.c	Sat May  1 05:59:43 2004
+++ my/expr.c	Sun May 22 23:11:37 2005
@@ -50,6 +50,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD: src/usr.bin/m4/expr.c,v 1.14 2004/05/01 03:59:43 smkelly Exp $");
 
+#include <sys/limits.h>
 #include <sys/types.h>
 #include <ctype.h>
 #include <err.h>
@@ -568,7 +569,8 @@
 static int
 num(int mayeval)
 {
-	int rval, c, base;
+	unsigned int rval;
+	int c, base;
 	int ndig;
 
 	rval = 0;
@@ -614,10 +616,10 @@
 bad_digit:
 	ungetch();
 
-	if (ndig == 0)
+	if (ndig == 0 || rval > INT_MAX)
 		experr("bad constant");
 
-	return rval;
+	return (int)rval;
 }
 
 /*

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->gnats-admin 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Sat Jan 21 20:55:50 UTC 2012 
Responsible-Changed-Why:  
please don't hate me 

http://www.freebsd.org/cgi/query-pr.cgi?pr=82161 
Responsible-Changed-From-To: gnats-admin->bapt 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Sat Jan 21 20:56:19 UTC 2012 
Responsible-Changed-Why:  
please don't hate me 

http://www.freebsd.org/cgi/query-pr.cgi?pr=82161 
State-Changed-From-To: open->closed 
State-Changed-By: bapt 
State-Changed-When: Sat Jan 21 21:17:17 UTC 2012 
State-Changed-Why:  
On CURRENT with recent update this is fixed, it returns: m4: numeric 
overflow in expr: 0x80000000 

http://www.freebsd.org/cgi/query-pr.cgi?pr=82161 
>Unformatted:
