Page MenuHome GnuPG

sha256.c:265:3: runtime error: unsigned integer overflow: 4084723048 + 1633837952 cannot be represented in type 'unsigned int'
Closed, InvalidPublic

Description

Compiled libgcrypt 1.7.8 with bleading edge clang-5 ( 5.0.0 (trunk 305735)) and UBSan on Ubuntu 16.04 x64. Used the following flags:

-O2 -fno-omit-frame-pointer -g -fsanitize=address -fsanitize=undefined -fsanitize=integer -fsanitize-coverage=trace-pc-guard -fno-sanitize-recover=undefined -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fsanitize-undefined-trap-on-error -fno-sanitize-recover=all

Ran the following test:

libgcrypt-1.7.8/tests/hashtest
sha256.c:265:3: runtime error: unsigned integer overflow: 4084723048 + 1633837952 cannot be represented in type 'unsigned int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior sha256.c:265:3 in

Event Timeline

gniibe claimed this task.
gniibe triaged this task as Low priority.
gniibe added a subscriber: gniibe.

In the SHA2 computation, it is defined that addition is calculated modulo 2^32.
And in the C programming language, "unsigned integer" operation never overflows (it is defined as modulo).

So, this is not a bug.

I don't know why your tool says it's undefined behavior.