[ruby-cvs:72928] shyouhei:r65828 (trunk): vm_insnhelper.c: recv -1 + 3 overflows

shyouhei at ruby-lang.org
Tue Nov 20 13:51:09 JST 2018

shyouhei	2018-11-20 13:51:09 +0900 (Tue, 20 Nov 2018)

  New Revision: 65828


    vm_insnhelper.c: recv -1 + 3 overflows
    Here, recv can be INT2FIX(-1), which is 0xFFFF_FFFFul.
    INT2FIX(1) is 3ul.  So `recv - 1 + INT2FIX(1)` is:
    recv              0xFFFF_FFFFul
    recv-1            0xFFFF_FFFEul (note: unsigned)
    recv-1+INT2FIX(1) 0x0000_0001ul Here is the overflow.
    Given recv is a Fixnum, it can never be 0xFFFF_FFFD.  0xFFFF_FFFF is
    the only value that can overflow this way, so special-casing this
    value should just suffice.

  Modified files:
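
The wraparound the commit message walks through, as an added example that is not part of the commit or of Ruby's source: a 32-bit model in which `value_t` and all function names are hypothetical, and the `__builtin_*_overflow` calls assume GCC or Clang. It replays the three rows of the message and scans a window of Fixnum-tagged values to confirm that only 0xFFFF_FFFF wraps; the special-cased function is a sketch of the approach the message names, not the actual patch.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit model of the tagging in the commit message: INT2FIX(n) == 2n + 1.
 * value_t and every function name here are hypothetical, not Ruby's own. */
typedef uint32_t value_t;

static value_t int2fix(int32_t n) { return ((value_t)n << 1) | 1u; }

/* Evaluate recv - 1 + INT2FIX(1) step by step; return 1 if either unsigned
 * step wraps. __builtin_*_overflow is a GCC/Clang builtin. */
static int add_one_wraps(value_t recv, value_t *out)
{
    value_t untagged;
    int wrapped = __builtin_sub_overflow(recv, (value_t)1, &untagged);
    wrapped |= __builtin_add_overflow(untagged, int2fix(1), out);
    return wrapped;
}

/* Special-cased form: the one wrapping input gets its answer directly.
 * Only the unsigned wraparound from the message is modelled here. */
static value_t add_one_special_cased(value_t recv)
{
    if (recv == int2fix(-1)) return int2fix(0);
    return recv - 1 + int2fix(1);
}

/* Count wrapping inputs among `count` consecutive Fixnum-tagged (odd) values. */
static unsigned count_wrapping(value_t first_odd, uint32_t count)
{
    unsigned hits = 0;
    value_t out, v = first_odd | 1u;
    for (uint32_t i = 0; i < count; i++, v += 2)
        hits += (unsigned)add_one_wraps(v, &out);
    return hits;
}

int main(void)
{
    value_t out, recv = int2fix(-1);
    int wrapped = add_one_wraps(recv, &out);
    printf("recv              0x%08X\n", (unsigned)recv);
    printf("recv-1            0x%08X\n", (unsigned)(recv - 1));
    printf("recv-1+INT2FIX(1) 0x%08X wrapped=%d\n", (unsigned)out, wrapped);
    printf("wrapping inputs in top 2^20 Fixnums: %u\n",
           count_wrapping(0xFFFFFFFFu - 2u * ((1u << 20) - 1u), 1u << 20));
    return 0;
}
```

The wrapped result 0x0000_0001 is itself INT2FIX(0), so the special case returns the same value without performing the wrapping addition.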
