Skip Menu |

This queue is for tickets about the Scalar-List-Utils CPAN distribution.

Report information
The Basics
Id: 105415
Status: resolved
Priority: 0/
Queue: Scalar-List-Utils
People
Owner: Nobody in particular
Requestors: JHI [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 1.42
Fixed in: 1.43

History Show all quoted text
  Mon Jun 22 20:09:43 2015 JHI [...] cpan.org - Ticket created
Subject: Coverity finding: Division or modulo by zero
CID 104785: Division or modulo by zero (DIVIDE_BY_ZERO) 238. divide_by_zero: In expression 9223372036854775807L / retiv, division by expression retiv which may be zero has undefined behavior. 215 if(!SvNOK(sv) && SvIOK(sv) && (SvIV(sv) < IV_MAX / retiv)) { 216 retiv *= SvIV(sv); 217 break; 218 }
  Tue Jun 23 12:21:19 2015 leonerd-cpan [...] leonerd.org.uk - Correspondence added
Huh. I wonder how nobody's ever noticed that before. It's trivially reproducible with any list of purely integers that includes the number zero; such as the attached test. Fixed in patch. -- Paul Evans
Subject: rt105415.patch
diff --git a/ListUtil.xs b/ListUtil.xs index 504c70e..77f42f8 100644 --- a/ListUtil.xs +++ b/ListUtil.xs @@ -212,7 +212,8 @@ CODE: break; case ACC_IV: if(is_product) { - if(!SvNOK(sv) && SvIOK(sv) && (SvIV(sv) < IV_MAX / retiv)) { + if(retiv == 0 || + (!SvNOK(sv) && SvIOK(sv) && (SvIV(sv) < IV_MAX / retiv))) { retiv *= SvIV(sv); break; } diff --git a/t/product.t b/t/product.t index c397f82..38c923b 100644 --- a/t/product.t +++ b/t/product.t @@ -3,7 +3,7 @@ use strict; use warnings; -use Test::More tests => 13; +use Test::More tests => 14; use List::Util qw(product); @@ -19,6 +19,9 @@ is( $v, 24, '4 args'); $v = product(-1); is( $v, -1, 'one -1'); +$v = product(0, 1, 2); +is( $v, 0, 'first factor zero' ); + my $x = -3; $v = product($x, 3);
  Tue Jun 23 12:21:20 2015 The RT System itself - Status changed from 'new' to 'open'
  Tue Jun 23 12:21:25 2015 leonerd-cpan [...] leonerd.org.uk - Status changed from 'open' to 'patched'
  Mon Feb 29 21:30:31 2016 JHI [...] cpan.org - Correspondence added
On Tue Jun 23 12:21:19 2015, PEVANS wrote: Show quoted text
> Huh. I wonder how nobody's ever noticed that before. It's trivially > reproducible with any list of purely integers that includes the number > zero; such as the attached test. > > Fixed in patch.
Since this is a definite crash/hang, now in blead as http://perl5.git.perl.org/perl.git/commitdiff/d962874bb2fb8159ec2e9f58745d6d02b56e84c7
  Wed Mar 09 19:00:23 2016 leonerd-cpan [...] leonerd.org.uk - Correspondence added
On Mon Feb 29 21:30:31 2016, JHI wrote: Show quoted text
> Since this is a definite crash/hang, now in blead as > > http://perl5.git.perl.org/perl.git/commitdiff/d962874bb2fb8159ec2e9f58745d6d02b56e84c7
This was already released as 1.43 -- Paul Evans
  Wed Mar 09 19:01:31 2016 leonerd-cpan [...] leonerd.org.uk - Status changed from 'patched' to 'resolved'
  Wed Mar 09 19:01:31 2016 leonerd-cpan [...] leonerd.org.uk - Fixed in 1.43 added