From: Adhemerval Zanella Date: Fri, 2 May 2025 18:36:50 +0000 (-0300) Subject: math: Fix UB in ldbl-96 setayloadl X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c3292f6340d31990a9846635ed9eae9a4871314;p=thirdparty%2Fglibc.git math: Fix UB in ldbl-96 setayloadl The code can shift the 1ULL for value larger than 32 depending of the exponent value. Building with ubsan triggers: $ math/test-ldouble-setpayload testing long double (without inline functions) UBSAN: Undefined behaviour in ../sysdeps/ieee754/ldbl-96/s_setpayloadl_main.c:48:32 shift exponent 16414 is too large for 32-bit type 'unsigned int' --- diff --git a/sysdeps/ieee754/ldbl-96/s_setpayloadl_main.c b/sysdeps/ieee754/ldbl-96/s_setpayloadl_main.c index 27b9931201..5105607472 100644 --- a/sysdeps/ieee754/ldbl-96/s_setpayloadl_main.c +++ b/sysdeps/ieee754/ldbl-96/s_setpayloadl_main.c @@ -45,7 +45,8 @@ FUNC (long double *x, long double payload) int shift = BIAS + EXPLICIT_MANT_DIG - exponent; if (shift < 32 ? (lx & ((1U << shift) - 1)) != 0 - : (lx != 0 || (hx & ((1U << (shift - 32)) - 1)) != 0)) + : shift < 64 ? (lx != 0 || (hx & ((1U << (shift - 32)) - 1)) != 0) + : 0) { SET_LDOUBLE_WORDS (*x, 0, 0, 0); return 1;