This program crashes inside printf of a pseudo-zero 'long double' number. ============================== ia64nan.c ================================ #include <float.h> #include <math.h> #include <stdio.h> union u { unsigned int word[4]; long double value; }; #define X x.value void test (const char *label, union u x) { printf ("%s:\n", label); printf ("isnanl: %d %d %d\n", isnanl(X) != 0, !(X == X), !(X >= 0 || X <= 0)); printf ("isinfl: %d %d\n", isinfl(X) != 0, X + X == X && !(X == 0)); printf ("printf: %Le %Lg\n", X, X); printf ("printf normalized: %Lg\n", X * 1.0L); printf ("\n"); } int main () { { union u x = { { 0x00000000, 0x63333333, 0x00008000, 0x00000000 } }; test ("unnormalized number", x); } { union u x = { { 0x00000000, 0xC3333333, 0x0000FFFF, 0x00000000 } }; test ("QNaN", x); } { union u x = { { 0x00000000, 0x83333333, 0x0000FFFF, 0x00000000 } }; test ("SNaN", x); } { union u x = { { 0x00000000, 0x80000000, 0x0000FFFF, 0x00000000 } }; test ("Inf", x); } { union u x = { { 0x00000000, 0x40000001, 0x0000ffff, 0x00000000 } }; test ("Pseudo-NaN", x); } { union u x = { { 0x00000000, 0x00000000, 0x0000ffff, 0x00000000 } }; test ("Pseudo-Inf", x); } { union u x = { { 0x00000000, 0x00000000, 0x00008004, 0x00000000 } }; test ("Pseudo-Zero", x); } return 0; } ========================================================================= $ gcc -O -fno-builtin -Wall ia64nan.c $ ./a.out unnormalized number: isnanl: 0 0 0 isinfl: 0 0 printf: -2.605630e-4932 -2.60563e-4932 printf normalized: -2.60563e-4932 QNaN: isnanl: 1 1 1 isinfl: 0 0 printf: nan nan printf normalized: nan SNaN: isnanl: 1 1 1 isinfl: 0 0 printf: nan nan printf normalized: nan Inf: isnanl: 0 0 0 isinfl: 1 1 printf: -inf -inf printf normalized: -inf Pseudo-NaN: isnanl: 0 1 1 isinfl: 0 0 printf: -5.948657e+4931 -5.94866e+4931 printf normalized: -5.94866e+4931 Pseudo-Inf: isnanl: 0 1 1 isinfl: 0 0 printf: -0.000000e+4912 -0e+4912 printf normalized: -0e+4912 Pseudo-Zero: isnanl: 0 0 0 isinfl: 0 0 Segmentation fault According to Intel IA-64 Architecture Software Developer's Manual, Volume 1: Application Architecture. 5.1.3 "Representation of Values in Floating-Point Registers" Table 5-2 "Floating-Point Register Encodings" Figure 5-11 "Floating-Point Exception Fault Prioritization" pseudo-NaNs, pseudo-Infs, pseudo-zeroes "are never produced as a result of an arithmetic operation", i.e. they may be considered to live outside the IRRR 754 range of numbers. But it would be nice if printf would not crash here, because 1) printf is often used for debugging. This is also the reason why printf("%s", NULL) prints "(null)" instead of crashing. 2) Arithmetic operations on pseudo-NaNs, pseudo-Infs, pseudo-zeroes don't cause program crashes, if operations on "signalling NaNs" don't cause program crashes (see Figure 5-11, cited above); this is the default behaviour, as you can see from the program's output. Additionally, the printf results for pseudo-NaN and pseudo-Inf should better be "nan", because these numbers behave like NaNs in comparisons, as you can see from the program's output. For comparison: On FreeBSD/ia64, printf of pseudo-NaN, pseudo-Inf, pseudo-zero yields "nan", "[-]inf", "[-]0" respectively.
Trap representations invoke undefined behaviour.
Subject: Bug 4586 CVSROOT: /cvs/glibc Module name: libc Branch: fedora-branch Changes by: jakub@sourceware.org 2007-07-07 19:59:10 Modified files: . : ChangeLog sysdeps/i386 : ldbl2mpn.c Log message: [BZ #4586] * sysdeps/i386/ldbl2mpn.c (__mpn_extract_long_double): Treat pseudo-zeros as zero. * sysdeps/x86_64/ldbl2mpn.c: New file. * sysdeps/ia64/ldbl2mpn.c: New file. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&only_with_tag=fedora-branch&r1=1.8782.2.256&r2=1.8782.2.257 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/i386/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=fedora-branch&r1=1.4&r2=1.4.4.1
Subject: Bug 4586 CVSROOT: /cvs/glibc Module name: libc Branch: fedora-branch Changes by: jakub@sourceware.org 2007-07-07 19:59:56 Added files: sysdeps/ia64 : ldbl2mpn.c sysdeps/x86_64 : ldbl2mpn.c Log message: [BZ #4586] * sysdeps/i386/ldbl2mpn.c (__mpn_extract_long_double): Treat pseudo-zeros as zero. * sysdeps/x86_64/ldbl2mpn.c: New file. * sysdeps/ia64/ldbl2mpn.c: New file. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/ia64/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=fedora-branch&r1=NONE&r2=1.1.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=fedora-branch&r1=NONE&r2=1.1.2.1
Subject: Bug 4586 CVSROOT: /cvs/glibc Module name: libc Branch: glibc-2_6-branch Changes by: jakub@sourceware.org 2007-07-12 13:29:44 Modified files: . : ChangeLog dlfcn : dlinfo.c elf : dl-addr.c dl-close.c dl-iteratephdr.c dl-load.c dl-lookup.c dl-minimal.c dl-object.c dl-open.c dl-runtime.c dl-support.c dl-sym.c dl-sysdep.c do-lookup.h rtld.c include : link.h malloc : Makefile arena.c hooks.c malloc.c mcheck.c math : test-misc.c nis : nss-default.c nptl : ChangeLog Makefile allocatestack.c descr.h init.c pthreadP.h pthread_getattr_np.c pthread_mutex_lock.c pthread_mutex_timedlock.c pthread_mutex_trylock.c nptl/sysdeps/alpha: tls.h nptl/sysdeps/i386: tls.h nptl/sysdeps/ia64: tls.h nptl/sysdeps/powerpc: tls.h nptl/sysdeps/s390: tls.h nptl/sysdeps/sh: tls.h nptl/sysdeps/sparc: tls.h nptl/sysdeps/unix/sysv/linux/i386/i486: sem_timedwait.S nptl/sysdeps/unix/sysv/linux/x86_64: sem_timedwait.S nptl/sysdeps/x86_64: tls.h nscd : nscd_helper.c rt : tst-shm.c stdio-common : Makefile tst-sprintf.c vfprintf.c vfscanf.c sysdeps/generic: ldsodefs.h sysdeps/i386 : ldbl2mpn.c sysdeps/ieee754/ldbl-128ibm: mpn2ldbl.c printf_fphex.c s_fpclassifyl.c s_nextafterl.c sysdeps/unix/sysv/linux: Makefile syscalls.list sysdeps/unix/sysv/linux/i386: sync_file_range.S sysdeps/unix/sysv/linux/x86_64: sysconf.c sysdeps/unix/sysv/linux/x86_64/sys: epoll.h sysdeps/x86_64 : Makefile memcpy.S mempcpy.S Added files: nptl : tst-robust9.c tst-robustpi9.c tst-sem10.c stdio-common : bug18.c bug18a.c bug19.c bug19a.c tst-sprintf2.c sysdeps/ia64 : ldbl2mpn.c sysdeps/unix/sysv/linux: epoll_pwait.c sysdeps/unix/sysv/linux/i386: epoll_pwait.S sysdeps/x86_64 : cacheinfo.c ldbl2mpn.c sysdeps/x86_64/fpu: k_cosl.c k_rem_pio2l.c k_sinl.c k_tanl.c Log message: [BZ #4745] [BZ #4586] [BZ #4702] [BZ #4525] [BZ #4514] [BZ #4512] Merge selected bugfixes from the trunk. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.10640&r2=1.10640.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/dlfcn/dlinfo.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.7&r2=1.7.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-addr.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.33&r2=1.33.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-close.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.126&r2=1.126.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-iteratephdr.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.14&r2=1.14.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-load.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.284&r2=1.284.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-lookup.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.126&r2=1.126.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-minimal.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.53&r2=1.53.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-object.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.43&r2=1.43.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-open.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.139&r2=1.139.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-runtime.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.75&r2=1.75.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-support.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.92&r2=1.92.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-sym.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.34&r2=1.34.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/dl-sysdep.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.2&r2=1.2.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/do-lookup.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.36&r2=1.36.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/rtld.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.370&r2=1.370.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/include/link.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.44&r2=1.44.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/Makefile.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.54&r2=1.54.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/arena.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.27&r2=1.27.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/hooks.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.21&r2=1.21.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/malloc.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.178&r2=1.178.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/mcheck.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.18&r2=1.18.10.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/math/test-misc.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.23&r2=1.23.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nis/nss-default.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.3&r2=1.3.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/tst-robust9.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.2.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/tst-robustpi9.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/tst-sem10.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/ChangeLog.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.970&r2=1.970.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/Makefile.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.188&r2=1.188.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/allocatestack.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.65&r2=1.65.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/descr.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.39&r2=1.39.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/init.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.60&r2=1.60.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/pthreadP.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.64&r2=1.64.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/pthread_getattr_np.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.12&r2=1.12.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/pthread_mutex_lock.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.15&r2=1.15.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/pthread_mutex_timedlock.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.11&r2=1.11.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/pthread_mutex_trylock.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.13&r2=1.13.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/alpha/tls.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.7&r2=1.7.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/i386/tls.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.33&r2=1.33.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/ia64/tls.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.12&r2=1.12.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/powerpc/tls.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.12&r2=1.12.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/s390/tls.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.15&r2=1.15.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/sh/tls.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.11&r2=1.11.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/sparc/tls.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.8&r2=1.8.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/unix/sysv/linux/i386/i486/sem_timedwait.S.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.8&r2=1.8.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/unix/sysv/linux/x86_64/sem_timedwait.S.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.11&r2=1.11.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nptl/sysdeps/x86_64/tls.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.28&r2=1.28.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nscd/nscd_helper.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.22&r2=1.22.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/rt/tst-shm.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.5&r2=1.5.12.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/bug18.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.2.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/bug18a.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/bug19.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/bug19a.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/tst-sprintf2.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.2.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/Makefile.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.100&r2=1.100.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/tst-sprintf.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.3&r2=1.3.12.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/vfprintf.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.139&r2=1.139.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/stdio-common/vfscanf.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.123&r2=1.123.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/generic/ldsodefs.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.134&r2=1.134.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/i386/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.4&r2=1.4.14.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/ia64/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/ieee754/ldbl-128ibm/mpn2ldbl.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.1&r2=1.1.6.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/ieee754/ldbl-128ibm/printf_fphex.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.1&r2=1.1.6.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/ieee754/ldbl-128ibm/s_fpclassifyl.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.1&r2=1.1.6.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/ieee754/ldbl-128ibm/s_nextafterl.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.2&r2=1.2.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/unix/sysv/linux/epoll_pwait.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/unix/sysv/linux/Makefile.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.151&r2=1.151.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/unix/sysv/linux/syscalls.list.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.130&r2=1.130.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/unix/sysv/linux/i386/epoll_pwait.S.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.2.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/unix/sysv/linux/i386/sync_file_range.S.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.1&r2=1.1.6.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/unix/sysv/linux/x86_64/sysconf.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.7&r2=1.7.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/unix/sysv/linux/x86_64/sys/epoll.h.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.3&r2=1.3.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/cacheinfo.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.3.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/Makefile.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.4&r2=1.4.12.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/memcpy.S.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.5&r2=1.5.6.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/mempcpy.S.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=1.3&r2=1.3.6.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/fpu/k_cosl.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/fpu/k_rem_pio2l.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/fpu/k_sinl.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/fpu/k_tanl.c.diff?cvsroot=glibc&only_with_tag=glibc-2_6-branch&r1=NONE&r2=1.1.4.1
Subject: Bug 4586 CVSROOT: /cvs/glibc Module name: libc Branch: glibc-2_5-branch Changes by: jakub@sourceware.org 2007-07-12 15:30:07 Modified files: . : ChangeLog sysdeps/i386 : ldbl2mpn.c Added files: sysdeps/ia64 : ldbl2mpn.c sysdeps/x86_64 : ldbl2mpn.c Log message: 2007-06-06 Jakub Jelinek <jakub@redhat.com> [BZ #4586] * sysdeps/i386/ldbl2mpn.c (__mpn_extract_long_double): Treat pseudo-zeros as zero. * sysdeps/x86_64/ldbl2mpn.c: New file. * sysdeps/ia64/ldbl2mpn.c: New file. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.10362.2.89&r2=1.10362.2.90 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/i386/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.4&r2=1.4.10.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/ia64/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=NONE&r2=1.1.6.1 http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sysdeps/x86_64/ldbl2mpn.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=NONE&r2=1.1.6.1
The master branch has been updated by Joseph Myers <jsm28@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f commit 9333498794cde1d5cca518badf79533a24114b6f Author: Joseph Myers <joseph@codesourcery.com> Date: Wed Feb 12 23:31:56 2020 +0000 Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487). Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero argument (an representation where all the significand bits, including the explicit high bit, are zero, but the exponent is not zero, which is not a valid representation for the long double type). Although this is not a valid long double representation, existing practice in this area (see bug 4586, originally marked invalid but subsequently fixed) is that we still seek to avoid invalid memory accesses as a result, in case of programs that treat arbitrary binary data as long double representations, although the invalid representations of the ldbl-96 format do not need to be consistently handled the same as any particular valid representation. This patch makes the range reduction detect pseudo-zero and unnormal representations that would otherwise go to __kernel_rem_pio2, and returns a NaN for them instead of continuing with the range reduction process. (Pseudo-zero and unnormal representations whose unbiased exponent is less than -1 have already been safely returned from the function before this point without going through the rest of range reduction.) Pseudo-zero representations would previously result in the value passed to __kernel_rem_pio2 being all-zero, which is definitely unsafe; unnormal representations would previously result in a value passed whose high bit is zero, which might well be unsafe since that is not a form of input expected by __kernel_rem_pio2. Tested for x86_64.
The release/2.29/master branch has been updated by Patricia Franklin <patsy@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0474cd5de60448f31d7b872805257092faa626e4 commit 0474cd5de60448f31d7b872805257092faa626e4 Author: Joseph Myers <joseph@codesourcery.com> Date: Wed Feb 12 23:31:56 2020 +0000 Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487). Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero argument (an representation where all the significand bits, including the explicit high bit, are zero, but the exponent is not zero, which is not a valid representation for the long double type). Although this is not a valid long double representation, existing practice in this area (see bug 4586, originally marked invalid but subsequently fixed) is that we still seek to avoid invalid memory accesses as a result, in case of programs that treat arbitrary binary data as long double representations, although the invalid representations of the ldbl-96 format do not need to be consistently handled the same as any particular valid representation. This patch makes the range reduction detect pseudo-zero and unnormal representations that would otherwise go to __kernel_rem_pio2, and returns a NaN for them instead of continuing with the range reduction process. (Pseudo-zero and unnormal representations whose unbiased exponent is less than -1 have already been safely returned from the function before this point without going through the rest of range reduction.) Pseudo-zero representations would previously result in the value passed to __kernel_rem_pio2 being all-zero, which is definitely unsafe; unnormal representations would previously result in a value passed whose high bit is zero, which might well be unsafe since that is not a form of input expected by __kernel_rem_pio2. Tested for x86_64. (cherry picked from commit 9333498794cde1d5cca518badf79533a24114b6f)
The release/2.27/master branch has been updated by Dmitry Levin <ldv@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=59420258afaf73dc8fab63ce186bac792613fe08 commit 59420258afaf73dc8fab63ce186bac792613fe08 Author: Joseph Myers <joseph@codesourcery.com> Date: Wed Feb 12 23:31:56 2020 +0000 Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487). Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero argument (an representation where all the significand bits, including the explicit high bit, are zero, but the exponent is not zero, which is not a valid representation for the long double type). Although this is not a valid long double representation, existing practice in this area (see bug 4586, originally marked invalid but subsequently fixed) is that we still seek to avoid invalid memory accesses as a result, in case of programs that treat arbitrary binary data as long double representations, although the invalid representations of the ldbl-96 format do not need to be consistently handled the same as any particular valid representation. This patch makes the range reduction detect pseudo-zero and unnormal representations that would otherwise go to __kernel_rem_pio2, and returns a NaN for them instead of continuing with the range reduction process. (Pseudo-zero and unnormal representations whose unbiased exponent is less than -1 have already been safely returned from the function before this point without going through the rest of range reduction.) Pseudo-zero representations would previously result in the value passed to __kernel_rem_pio2 being all-zero, which is definitely unsafe; unnormal representations would previously result in a value passed whose high bit is zero, which might well be unsafe since that is not a form of input expected by __kernel_rem_pio2. Tested for x86_64. (cherry picked from commit 9333498794cde1d5cca518badf79533a24114b6f)
This was fixed in 2020 with the work to handle pseudo-zero. Changing from RESOLVED INVALID to RESOLVED FIXED.
Adding the specific bug that tracked the printf fix. *** This bug has been marked as a duplicate of bug 26649 ***