Crash in div/mod implementations

The interpreter does not detect this operand pair as problematic before executing a division or modulo:
int int_min = -2147483648;
int neg_one = -1;
int never_computed = (int_min / neg_one);
int the_same_error = (int_min % neg_one);
The above AS code crashes with a system error like "floating point exception" on GNU/Linux x86.
The C++ signed division is usually compiled to an idiv instruction on x86.
The idiv instruction raises an error when trying to divide -2147483648 by -1 resulting in a crash of the AngelScript host application.
This is a common error in C and C++ code. People check for division by zero but are not aware of the described problem.
The same is true for modulo % (asBC_MODi) which also uses idiv.

The implementation of asBC_DIVi is lacking a check for -2147483648 / -1:
(Revision 1583, sdk/angelscript/source/as_context.cpp:2924)
case asBC_DIVi:
		{
			int divider = *(int*)(l_fp - asBC_SWORDARG2(l_bc));
			if( divider == 0 )
			{
				// Need to move the values back to the context
				m_regs.programPointer    = l_bc;
				m_regs.stackPointer      = l_sp;
				m_regs.stackFramePointer = l_fp;

				// Raise exception
				SetInternalException(TXT_DIVIDE_BY_ZERO);
				return;
			}
			*(int*)(l_fp - asBC_SWORDARG0(l_bc)) = *(int*)(l_fp - asBC_SWORDARG1(l_bc)) / divider;
		}
		l_bc += 2;

AngelScript should raise an exception before trying to divide -2147483648 by -1 like it does on division by zero. The implementations of asBC_DIVi and asBC_MODi have to be extended to cover this case.
If AngelScript does constant folding, the problem may be present in there, too.


Hi TyRoXx,


I wasn't aware of this situation. I'll have it corrected asap. 


And, yes, AngelScript does constant folding so I'll need to check the code there too. I suppose the 64bit division instruction works in a similar manner too. 


Thanks for the report and very detailed explanation.




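The operand check the report asks for, written out for both 32-bit and 64-bit signed division and modulo (the 64-bit case is the one raised in the reply). This is an added example, not AngelScript's own code; `Trap`, `checkDivide`, `checkedDiv` and `checkedMod` are hypothetical names, and a real interpreter would raise its script exception where this code returns a trap value.

```cpp
#include <cstdint>
#include <limits>

// Hypothetical trap codes; a real VM would raise its own script exception.
enum class Trap { None, DivideByZero, DivideOverflow };

// Reject operand pairs for which signed a / b or a % b is undefined in C++
// (and faults in x86 idiv): b == 0, or the most negative value with b == -1.
template <typename T>
Trap checkDivide(T dividend, T divider) {
    static_assert(std::numeric_limits<T>::is_integer &&
                  std::numeric_limits<T>::is_signed, "signed integers only");
    if (divider == 0)
        return Trap::DivideByZero;
    if (divider == -1 && dividend == std::numeric_limits<T>::min())
        return Trap::DivideOverflow;
    return Trap::None;
}

// Checked counterparts of a DIVi / MODi handler: the result is written only
// when the operands are safe, so the division is never executed otherwise.
template <typename T>
Trap checkedDiv(T dividend, T divider, T &result) {
    Trap t = checkDivide(dividend, divider);
    if (t == Trap::None) result = dividend / divider;
    return t;
}

template <typename T>
Trap checkedMod(T dividend, T divider, T &result) {
    Trap t = checkDivide(dividend, divider);
    if (t == Trap::None) result = dividend % divider;
    return t;
}

int main() {
    int32_t r32 = 0;
    int64_t r64 = 0;
    // Constructed operands: the pair from the report and its 64-bit analogue.
    bool ok = checkedDiv<int32_t>(INT32_MIN, -1, r32) == Trap::DivideOverflow
           && checkedMod<int32_t>(INT32_MIN, -1, r32) == Trap::DivideOverflow
           && checkedDiv<int64_t>(INT64_MIN, -1, r64) == Trap::DivideOverflow
           && checkedDiv<int32_t>(INT32_MIN, 1, r32) == Trap::None;
    return ok ? 0 : 1;
}
```

A constant folder can call the same `checkDivide` before evaluating a literal expression, so the compile-time path and the bytecode handlers reject the same operand pairs.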