Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: Potential Integer Overflow in debug tools Clay__IntToString function #80

Open
Rechenmaschine opened this issue Dec 22, 2024 · 2 comments

Comments

@Rechenmaschine
Copy link

The function Clay__IntToString(int integer) could overflow for INT_MIN due to signed integer negation (integer = -integer), possibly resulting in undefined behavior.

clay/clay.h

Lines 2281 to 2283 in a48d406

if (integer < 0) {
integer = -integer;
}

@nicbarker nicbarker changed the title Bug: Overflow in Clay__IntToString Bug: Potential Integer Overflow in debug tools Clay__IntToString function Dec 22, 2024
@nicbarker
Copy link
Owner

nicbarker commented Dec 22, 2024

Hello 🙂
This seems possible but I'm not sure that the implications are so severe - this is an internal function used for the debug tools, so it appears to me that the worst case is that the debug tools display the wrong value in the interface?

@Rechenmaschine
Copy link
Author

I did not check in detail where this function is used, but in the current context you're right, it seems just fine. That said, I wanted to point out at a potential problem that may arise from incorrect usage later 🙂.

Arithmetic overflow for signed integers is undefined behavior in the C standard. Depending on the compiler and platform, this could lead to more severe consequences than just displaying the wrong value in the interface, so it might be worth fixing to avoid relying on implementation-specific behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants