[llvm-bugs] [Bug 31456] New: UB when left shifting at llvm/lib/Fuzzer/FuzzerDriver.cpp:443

[via llvm-bugs]

https://llvm.org/bugs/show_bug.cgi?id=31456

            Bug ID: 31456
           Summary: UB when left shifting at
                    llvm/lib/Fuzzer/FuzzerDriver.cpp:443
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: ttaubert at mozilla.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

../../fuzz/libFuzzer/FuzzerDriver.cpp:443:73: runtime error: left shift of
1482473285005367997 by 10 places cannot be represented in type 'rep' (aka
'long')
    #0 0x514ea6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char
const*, unsigned long))
/home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerDriver.cpp:443:73
    #1 0x508724 in main /home/worker/nss/out/Debug/../../fuzz/nssfuzz.cc:151:10
    #2 0x7f91efbfd82f in __libc_start_main
/build/glibc-t3gR2i/glibc-2.23/csu/../csu/libc-start.c:291
    #3 0x41ee98 in _start (/home/worker/dist/Debug/bin/nssfuzz+0x41ee98)

SUMMARY: AddressSanitizer: undefined-behavior
../../fuzz/libFuzzer/FuzzerDriver.cpp:443:73 in

The code is the following:

> // Initialize Seed.
> if (Seed == 0)
>   Seed = (std::chrono::system_clock::now().time_since_epoch().count() << 10) +
>          getpid();

I think this wants a static_cast<unsigned>(...) before shifting.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20161223/83b31138/attachment.html>