From 2748e8793267126c5b40621d75d1930e358f057e Mon Sep 17 00:00:00 2001
From: pierrenn
Date: Wed, 8 Apr 2020 15:10:28 +0900
Subject: [PATCH] script: prevent UB when computing abs value for num opcode serialize
---
 src/script/script.h | 2 +-
 src/test/fuzz/integer.cpp | 6 +-----
 src/test/fuzz/scriptnum_ops.cpp | 6 +-----
 3 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/src/script/script.h b/src/script/script.h
index 7aaa10b60bd..866517ba2d2 100644
--- a/src/script/script.h
+++ b/src/script/script.h
@@ -329,7 +329,7 @@ public:
 std::vector result;
 const bool neg = value < 0;
- uint64_t absvalue = neg ? -value : value;
+ uint64_t absvalue = neg ? ~static_cast(value) + 1 : static_cast(value);
 while(absvalue) {
diff --git a/src/test/fuzz/integer.cpp b/src/test/fuzz/integer.cpp
index fff2fabd178..78ecc476630 100644
--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -135,11 +135,7 @@ void test_one_input(const std::vector& buffer)
 const CScriptNum script_num{i64};
 (void)script_num.getint();
- // Avoid negation failure:
- // script/script.h:332:35: runtime error: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
- if (script_num != CScriptNum{std::numeric_limits::min()}) {
- (void)script_num.getvch();
- }
+ (void)script_num.getvch();
 const arith_uint256 au256 = UintToArith256(u256);
 assert(ArithToUint256(au256) == u256);
diff --git a/src/test/fuzz/scriptnum_ops.cpp b/src/test/fuzz/scriptnum_ops.cpp
index 42b1432f13a..f4e079fb89b 100644
--- a/src/test/fuzz/scriptnum_ops.cpp
+++ b/src/test/fuzz/scriptnum_ops.cpp
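Review bot: The new `absvalue` line in src/script/script.h carries no comment explaining why the negation is done on the unsigned value, so a later cleanup could turn it back into `-value`, which is undefined for the minimum int64_t (the sanitizer message removed from the fuzz targets in this patch describes exactly that). I would add `// Negate as unsigned: -value is undefined behaviour when value == INT64_MIN` directly above it. As a point of style, subtracting the cast value from an unsigned zero expresses the same two's-complement negation more directly than `~x + 1`. The cast's target type is not visible in this rendering (the angle-bracket content appears to have been stripped); it needs to be the same 64-bit unsigned type as `absvalue`. The enclosing function starts and ends outside the hunk.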
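Review bot: The result of `(void)script_num.getvch();` is still discarded in the src/test/fuzz/integer.cpp hunk, and in the matching hunk in src/test/fuzz/scriptnum_ops.cpp, so the fix is only exercised when the fuzzers run in a sanitizer build that reports undefined behaviour. No deterministic test in this patch pins what the minimum value serializes to. A unit test that calls `getvch()` on `CScriptNum{std::numeric_limits<int64_t>::min()}` and compares the bytes with the expected encoding would catch a regression in ordinary CI runs as well. test_one_input continues outside both hunks.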
@@ -129,10 +129,6 @@ void test_one_input(const std::vector& buffer)
 break;
 }
 (void)script_num.getint();
- // Avoid negation failure:
- // script/script.h:332:35: runtime error: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
- if (script_num != CScriptNum{std::numeric_limits::min()}) {
- (void)script_num.getvch();
- }
+ (void)script_num.getvch();
 }
 }