Page MenuHome GnuPG
Create Task
Maniphest T3249

sha256.c:265:3: runtime error: unsigned integer overflow: 4084723048 + 1633837952 cannot be represented in type 'unsigned int'
Closed, InvalidPublic
Actions

Description

Compiled libgcrypt 1.7.8 with bleading edge clang-5 ( 5.0.0 (trunk 305735)) and UBSan on Ubuntu 16.04 x64. Used the following flags:

-O2 -fno-omit-frame-pointer -g -fsanitize=address -fsanitize=undefined -fsanitize=integer -fsanitize-coverage=trace-pc-guard -fno-sanitize-recover=undefined -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fsanitize-undefined-trap-on-error -fno-sanitize-recover=all

Ran the following test:

libgcrypt-1.7.8/tests/hashtest
sha256.c:265:3: runtime error: unsigned integer overflow: 4084723048 + 1633837952 cannot be represented in type 'unsigned int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior sha256.c:265:3 in

Related Objects

Event Timeline

geeknik created this task.Jul 4 2017, 3:11 AM
gniibe closed this task as Invalid.Jul 4 2017, 4:52 AM
gniibe claimed this task.
gniibe triaged this task as Low priority.
gniibe added a subscriber: gniibe.

In the SHA2 computation, it is defined that addition is calculated modulo 2^32.
And in the C programming language, "unsigned integer" operation never overflows (it is defined as modulo).

So, this is not a bug.

I don't know why your tool says it's undefined behavior.

gniibe mentioned this in T3251: sha512.c:342:25: runtime error: unsigned integer overflow: 17296268247117069635 + 2271443192277056827 cannot be represented in type 'unsigned long'.Jul 4 2017, 4:54 AM
gniibe mentioned this in T3246: md5.c:119:3: runtime error: unsigned integer overflow: 2612846078 + 3614090360 cannot be represented in type 'unsigned int'.Jul 4 2017, 5:10 AM