| field | value | date |
|---|---|---|
| author | Ricardo M. Correia <rcorreia@wizy.org> | 2012-05-14 21:17:24 +0200 |
| committer | Luke Dashjr <luke-jr+git@utopios.org> | 2012-07-22 21:10:15 +0000 |
| commit | 3bd1d6645ee39bb6a6e7b016d4cbfc15188b1a00 (patch) | |
| tree | beb4996466081f68407da301ac60a36f38ab20d3 /src/bignum.h | |
| parent | 580f7cd73189c6840b354c9ed6a0227161150fcc (diff) | |
| download | bitcoin-3bd1d6645ee39bb6a6e7b016d4cbfc15188b1a00.tar.xz | |
Fix signed subtraction overflow in CBigNum::setint64().
As noticed by sipa (Pieter Wuille), this can happen when CBigNum::setint64() is
called with an integer value of INT64_MIN (-2^63).
When compiled with -ftrapv, the program would crash. Otherwise, it would
execute an undefined operation (although in practice, usually the correct one).
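The commit message describes the mechanism only in words: negating INT64_MIN in signed arithmetic is undefined, while converting to unsigned first and negating there is defined modulo 2^64. The following is an added, stand-alone C++ model of that negative branch; it is not Bitcoin's own code and the names `split_int64`, `join_int64` and `negation_would_overflow` are hypothetical. It also shows the guard the original one-line `n = -sn` would have needed, and round-trips INT64_MIN through sign and magnitude without ever negating it as a signed value.

```cpp
#include <cstdint>
#include <limits>

// Hypothetical stand-alone model (not the project's code) of the negative
// branch in the fixed CBigNum::setint64(): the value is split into an
// unsigned magnitude plus a sign flag.
struct SplitInt64 {
    uint64_t magnitude;
    bool negative;
};

// The check a signed one-step negation (-sn) would need before it is safe:
// every int64_t except INT64_MIN has a representable negation.
bool negation_would_overflow(int64_t sn) {
    return sn == std::numeric_limits<int64_t>::min();
}

SplitInt64 split_int64(int64_t sn) {
    SplitInt64 out{};
    if (sn < 0) {
        // Step 1: signed -> unsigned conversion is well defined in C++
        // (modular): for negative sn the result is sn + 2^64.
        uint64_t n = static_cast<uint64_t>(sn);
        // Step 2: unsigned negation is modular as well, giving 2^64 - n,
        // i.e. |sn|. Written as 0 - n to avoid compiler warnings about
        // unary minus on an unsigned type; it is the same operation as -n.
        out.magnitude = 0 - n;
        out.negative = true;
    } else {
        out.magnitude = static_cast<uint64_t>(sn);
        out.negative = false;
    }
    return out;
}

// Rebuild the int64_t from sign + magnitude. INT64_MIN is handled explicitly
// so that no signed negation of an out-of-range magnitude ever happens.
int64_t join_int64(SplitInt64 s) {
    if (!s.negative) return static_cast<int64_t>(s.magnitude);
    const uint64_t min_mag = static_cast<uint64_t>(1) << 63;  // |INT64_MIN|
    if (s.magnitude == min_mag) return std::numeric_limits<int64_t>::min();
    // Here magnitude < 2^63, so the signed negation is in range.
    return -static_cast<int64_t>(s.magnitude);
}
```

Compile with `-fsanitize=undefined` (or `-ftrapv`, as the commit message mentions) and feed `split_int64` the value `std::numeric_limits<int64_t>::min()`: the two-step path reports a magnitude of 2^63 with the negative flag set and triggers no diagnostic, whereas a direct `-sn` on the same input would.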
Diffstat (limited to 'src/bignum.h')
-rw-r--r-- | src/bignum.h | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/bignum.h b/src/bignum.h index e203b26a05..1c1c1fc10f 100644 --- a/src/bignum.h +++ b/src/bignum.h @@ -130,7 +130,15 @@ public: if (sn < (int64)0) { - n = -sn; + // We negate in 2 steps to avoid signed subtraction overflow, + // i.e. -(-2^63), which is an undefined operation and causes SIGILL + // when compiled with -ftrapv. + // + // Note that uint64_t n = sn, when sn is an int64_t, is a + // well-defined operation and n will be equal to sn + 2^64 when sn + // is negative. + n = sn; + n = -n; fNegative = true; } else { n = sn; |
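Review bot: the explanatory comment added in the `if (sn < (int64)0)` branch names the standard types `uint64_t` and `int64_t`, while the surrounding code uses the project's `int64` typedef (see the `(int64)0` cast in the context line), so the comment should describe `n` and `sn` by their actual declared types, e.g. `// n is unsigned 64-bit, sn is int64: the conversion is well-defined`. The two-step `n = sn; n = -n;` itself is sound: the signed-to-unsigned conversion yields sn + 2^64 for negative sn, and unsigned negation is modular, so for -2^63 the result is 2^63, the magnitude the caller expects. One consistency nit: the commit message says the -ftrapv build "would crash" while the comment says it "causes SIGILL"; pick one wording so readers do not go looking for a signal-specific cause in this code.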