bug-gnulib

Re: glibc segfault on "special" long double values is _ok_!?


From: Nix
Subject: Re: glibc segfault on "special" long double values is _ok_!?
Date: Fri, 08 Jun 2007 00:14:34 +0100
User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.5-b27 (linux)

On 7 Jun 2007, Tor Myklebust outgrape:
> And the second variant can segfault if you replace 'float' by 'long
> double' (changing the format string appropriately) and you feed it
> something bad.  Why is this a good thing?

It's somewhat unusual for applications to accept double-format data over
the network or from files; but modulo byte-swapping, has anyone *ever*
seen an application that checks to be sure that the data it's received
is a valid IEEE754 floating-point number? I've never seen any such app,
I've never heard of anyone taking precautions under the assumption that
a double with a one-bit error (I think it's one bit, I've lost the start
of this thread) may cause core dumps if printed, and I've never
considered doing any such thing myself. It's generally assumed that
printing doubles is safe, no matter their origin.

I just checked with a bunch of numerics people in the office (they're in
financials so they're mostly contemptuous of IEEE floating point types
but use them sometimes anyway) and every one expressed astonishment that
printing random bit patterns and pretending they are doubles could cause
crashes. Phrases like `oh shit we don't handle that, can it really
happen' were used: these guys write stuff that billions of dollars of
transactions ride on top of on a daily basis (and yes, these apps use
glibc, and yes, they snprintf() doubles at times, mostly for debugging's
sake: SIGSEGV is mostly trapped while that's done, but still).

(Thankfully AIUI this is an IA64 thing, and these apps aren't running on
IA64 nor ever expect to be.)

I'd say this behaviour violates the principle of least astonishment, at
least. Mind you, avoiding it does seem like it could be expensive: is
glibc supposed to validate the numbers every time, or twiddle with
signal handlers or something similar on every printf() call? I sort
of doubt that would fly: people moan about a bit of locking in libio
as it is.
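The check the message above says nobody performs, as an added example that is not from this thread, from glibc or from the applications mentioned: before handing a long double that arrived from a file or socket to printf(), classify its 80-bit x87 extended-precision encoding (the long double layout on IA64 and x86 Linux) by bit fields alone and reject the patterns that IEEE 754 extended format does not define (unnormals, pseudo-denormals, pseudo-NaNs/pseudo-infinities). It assumes the 10 bytes arrive in little-endian order; which of these patterns actually faults inside glibc on IA64 is not stated anywhere on this page, so the code only flags encodings that are outside the canonical set. The in-memory screening at the end is guarded for x86, where the first 10 bytes of a long double's storage are the encoding.

```c
#include <float.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classes of an 80-bit x87 extended-precision encoding: sign bit, 15-bit biased
   exponent, 64-bit significand whose bit 63 is an explicit integer bit. */
enum x87_class {
    X87_ZERO, X87_DENORMAL, X87_NORMAL, X87_INFINITY, X87_QNAN, X87_SNAN,
    X87_PSEUDO_DENORMAL, /* exp == 0, integer bit set: non-canonical             */
    X87_UNNORMAL,        /* 0 < exp < max, integer bit clear: invalid since 80387 */
    X87_PSEUDO_NAN_INF   /* exp == max, integer bit clear: invalid since 80387    */
};

const char *const x87_class_name[] = {
    "zero", "denormal", "normal", "infinity", "qnan", "snan",
    "pseudo-denormal", "unnormal", "pseudo-nan/inf"
};

/* Assemble the 10 little-endian bytes an x86 or IA64 process stores for a long double. */
void x87_pack(int sign, unsigned exp, uint64_t mant, uint8_t raw[10])
{
    for (int i = 0; i < 8; i++)
        raw[i] = (uint8_t)(mant >> (8 * i));
    unsigned hi = (exp & 0x7FFFu) | ((unsigned)(sign & 1) << 15);
    raw[8] = (uint8_t)hi;
    raw[9] = (uint8_t)(hi >> 8);
}

/* Classify a received buffer by its bit fields, without loading it into the FPU. */
enum x87_class x87_classify(const uint8_t raw[10])
{
    uint64_t mant = 0;
    for (int i = 7; i >= 0; i--)
        mant = (mant << 8) | raw[i];
    unsigned exp = ((unsigned)raw[8] | ((unsigned)raw[9] << 8)) & 0x7FFFu;
    bool jbit = (mant >> 63) & 1;                 /* explicit integer bit */
    uint64_t frac = mant & 0x7FFFFFFFFFFFFFFFULL; /* the 63 fraction bits */

    if (exp == 0)
        return mant == 0 ? X87_ZERO : (jbit ? X87_PSEUDO_DENORMAL : X87_DENORMAL);
    if (exp == 0x7FFFu) {
        if (!jbit) return X87_PSEUDO_NAN_INF;
        if (frac == 0) return X87_INFINITY;
        return ((frac >> 62) & 1) ? X87_QNAN : X87_SNAN;
    }
    return jbit ? X87_NORMAL : X87_UNNORMAL;
}

/* Only the classes the IEEE 754 extended format actually defines are accepted. */
bool x87_class_is_canonical(enum x87_class c)
{
    return c != X87_PSEUDO_DENORMAL && c != X87_UNNORMAL && c != X87_PSEUDO_NAN_INF;
}

/* Flip one of the 80 bits, as a one-bit transmission error would. */
void x87_flip_bit(uint8_t raw[10], unsigned bit)
{
    raw[bit / 8] ^= (uint8_t)(1u << (bit % 8));
}

/* Build an encoding from its fields, optionally flip one bit (flip < 0: none),
   and classify it.  Drives the demo below and the checks a receiver would run. */
enum x87_class x87_classify_parts(int sign, unsigned exp, uint64_t mant, int flip)
{
    uint8_t raw[10];
    x87_pack(sign, exp, mant, raw);
    if (flip >= 0)
        x87_flip_bit(raw, (unsigned)flip);
    return x87_classify(raw);
}

int main(void)
{
    /* Constructed sample: 1.0L (exp 0x3FFF, significand 0x8000...0), as it might
       arrive off the wire, then the same record with a single bit flipped. */
    const int flips[] = { -1, 63, 79, 0 };
    for (size_t i = 0; i < sizeof flips / sizeof flips[0]; i++) {
        enum x87_class c = x87_classify_parts(0, 0x3FFF, 0x8000000000000000ULL, flips[i]);
        printf("flip %3d -> %-16s canonical=%d\n", flips[i], x87_class_name[c],
               x87_class_is_canonical(c));
    }
#if (defined(__i386__) || defined(__x86_64__)) && LDBL_MANT_DIG == 64
    /* Assumption: on x86 the first 10 bytes of a long double's storage are this
       encoding, so a value already in memory can be screened the same way. */
    long double v = 1.0L / 3.0L;
    uint8_t raw[10];
    memcpy(raw, &v, sizeof raw);
    printf("1/3 in mem -> %s\n", x87_class_name[x87_classify(raw)]);
#endif
    return 0;
}
```

Flipping bit 63 of 1.0L clears the integer bit while leaving the exponent non-zero, which is exactly the "one-bit error" case: the result is an unnormal, an encoding no IEEE 754 arithmetic produces, and the screen rejects it before any formatting routine sees it. Flipping the sign bit (79) or the lowest fraction bit (0) yields an ordinary normal number and passes. Whether the cost of such a screen belongs in the application or in glibc is the question the message leaves open; this only shows that the screen itself is a handful of integer operations per value.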