TyRoXx

Member Since 03 Mar 2013

Topics I've Started

Crash in div/mod implementations

03 March 2013 - 04:33 PM

The interpreter does not detect this operand pair as problematic before executing a division or modulo:
int int_min = -2147483648;
int neg_one = -1;
int never_computed = (int_min / neg_one);
int the_same_error = (int_min % neg_one);
The above AS code crashes with a system error like "floating point exception" on GNU/Linux x86.
The C++ signed division is usually compiled to an idiv instruction on x86.
The idiv instruction raises an error when trying to divide -2147483648 by -1 resulting in a crash of the AngelScript host application.
This is a common error in C and C++ code. People check for division by zero but are not aware of the described problem.
The same is true for modulo % (asBC_MODi) which also uses idiv.

The implementation of asBC_DIVi is lacking a check for -2147483648 / -1:
(Revision 1583, sdk/angelscript/source/as_context.cpp:2924)
case asBC_DIVi:
	{
		int divider = *(int*)(l_fp - asBC_SWORDARG2(l_bc));
		if( divider == 0 )
		{
			// Need to move the values back to the context
			m_regs.programPointer    = l_bc;
			m_regs.stackPointer      = l_sp;
			m_regs.stackFramePointer = l_fp;

			// Raise exception
			SetInternalException(TXT_DIVIDE_BY_ZERO);
			return;
		}
		*(int*)(l_fp - asBC_SWORDARG0(l_bc)) = *(int*)(l_fp - asBC_SWORDARG1(l_bc)) / divider;
	}
	l_bc += 2;
	break;

AngelScript should raise an exception before trying to divide -2147483648 by -1 like it does on division by zero. The implementations of asBC_DIVi and asBC_MODi have to be extended to cover this case.
If AngelScript does constant folding, the problem may be present in there, too.
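The operand check the post asks for, as an added example: this is not AngelScript's code and not the poster's, just a standalone C++ illustration of how a host can reject both fault-inducing operand pairs (divisor zero, and MIN / -1) before the `idiv` is ever emitted. It goes slightly beyond the post by being written for any signed integer width rather than only 32-bit `int`; the names `DivStatus`, `checkDivOperands`, `checkedDiv` and `checkedMod` are assumptions, and the operand pairs in `main` are constructed.

```cpp
// Added example, not AngelScript's own code. Names below are assumed.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

enum class DivStatus { Ok, DivideByZero, Overflow };

// Returns Ok only if dividend / divisor (and dividend % divisor) can be
// evaluated without faulting. Two operand pairs are rejected:
//   divisor == 0                      -> DivideByZero (the case asBC_DIVi already handles)
//   dividend == MIN and divisor == -1 -> Overflow (the quotient -MIN does not fit in T)
template <typename T>
DivStatus checkDivOperands(T dividend, T divisor) {
    static_assert(std::is_integral<T>::value && std::is_signed<T>::value,
                  "signed integer types only");
    if (divisor == 0) return DivStatus::DivideByZero;
    if (dividend == std::numeric_limits<T>::min() && divisor == T(-1))
        return DivStatus::Overflow;
    return DivStatus::Ok;
}

// Checked division: *result is written only when the operands are safe,
// so a caller (an interpreter loop, say) can raise its exception instead.
template <typename T>
DivStatus checkedDiv(T dividend, T divisor, T* result) {
    DivStatus s = checkDivOperands(dividend, divisor);
    if (s != DivStatus::Ok) return s;
    *result = dividend / divisor;
    return DivStatus::Ok;
}

// Checked modulo. MIN % -1 is 0 in arithmetic, but idiv computes quotient and
// remainder together and faults before producing either, so the same operand
// pair is rejected here rather than computed.
template <typename T>
DivStatus checkedMod(T dividend, T divisor, T* result) {
    DivStatus s = checkDivOperands(dividend, divisor);
    if (s != DivStatus::Ok) return s;
    *result = dividend % divisor;
    return DivStatus::Ok;
}

static const char* statusName(DivStatus s) {
    switch (s) {
        case DivStatus::Ok:           return "ok";
        case DivStatus::DivideByZero: return "divide by zero";
        case DivStatus::Overflow:     return "overflow (MIN / -1)";
    }
    return "?";
}

int main() {
    // Constructed operand pairs, including the two from the post above.
    const int32_t pairs[][2] = {
        {INT32_MIN, -1}, {INT32_MIN, 1}, {7, 0}, {-7, 2},
    };
    for (const auto& p : pairs) {
        int32_t q = 0, r = 0;
        DivStatus sd = checkedDiv<int32_t>(p[0], p[1], &q);
        DivStatus sm = checkedMod<int32_t>(p[0], p[1], &r);
        std::printf("%11d / %2d : %s", (int)p[0], (int)p[1], statusName(sd));
        if (sd == DivStatus::Ok) std::printf(" = %d", (int)q);
        std::printf("  |  %% : %s", statusName(sm));
        if (sm == DivStatus::Ok) std::printf(" = %d", (int)r);
        std::printf("\n");
    }
    return 0;
}
```

Treating `MIN % -1` as an error keeps the behaviour symmetric with division, which is what the post proposes; a host that prefers to define the remainder as 0 for that pair can do so in `checkedMod` after the check, since the check is what prevents `idiv` from running at all.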
