# Crash in div/mod implementations

The interpreter does not detect this operand pair as problematic before executing a division or modulo:

```angelscript
int int_min = -2147483648;
int neg_one = -1;
int never_computed = (int_min / neg_one);
int the_same_error = (int_min % neg_one);
```

The above AS code crashes with a system error like "floating point exception" on GNU/Linux x86.
The C++ signed division is usually compiled to an idiv instruction on x86.
The idiv instruction raises an error when trying to divide -2147483648 by -1 resulting in a crash of the AngelScript host application.
This is a common error in C and C++ code. People check for division by zero but are not aware of the described problem.
The same is true for modulo % (asBC_MODi) which also uses idiv.

The implementation of asBC_DIVi is lacking a check for -2147483648 / -1:
(Revision 1583, sdk/angelscript/source/as_context.cpp:2924)

```cpp
case asBC_DIVi:
    {
        int divider = *(int*)(l_fp - asBC_SWORDARG2(l_bc));
        if( divider == 0 )
        {
            // Need to move the values back to the context
            m_regs.programPointer    = l_bc;
            m_regs.stackPointer      = l_sp;
            m_regs.stackFramePointer = l_fp;

            // Raise exception
            SetInternalException(TXT_DIVIDE_BY_ZERO);
            return;
        }
        // Only the zero divider is rejected above; the dividend is never
        // inspected, so INT_MIN / -1 reaches the idiv instruction unchecked.
        *(int*)(l_fp - asBC_SWORDARG0(l_bc)) = *(int*)(l_fp - asBC_SWORDARG1(l_bc)) / divider;
    }
    l_bc += 2;
    break;
```

AngelScript should raise an exception before trying to divide -2147483648 by -1 like it does on division by zero. The implementations of asBC_DIVi and asBC_MODi have to be extended to cover this case.
If AngelScript does constant folding, the problem may be present in there, too.
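The two operand checks the report asks for, written out as a plain C helper. This is an added example, not AngelScript's own code nor the fix committed in revision 1590; the function name, the status enum and the sample operand pairs are my own.

```c
/* Added example (not AngelScript code): a checked 32-bit signed
 * division/modulo that tests both problematic operand pairs before
 * the hardware idiv ever runs. Names and status codes are assumed. */
#include <limits.h>
#include <stdio.h>

enum div_status { DIV_OK = 0, DIV_BY_ZERO = 1, DIV_OVERFLOW = 2 };

/* Returns a status; on DIV_OK the quotient and remainder are stored. */
enum div_status checked_divmod_i32(int dividend, int divisor,
                                   int *quotient, int *remainder)
{
    if (divisor == 0)
        return DIV_BY_ZERO;           /* the check everyone already writes */
    /* INT_MIN / -1 would be 2147483648, which does not fit in a 32-bit
     * int. On x86 idiv raises #DE for this pair (seen as SIGFPE), and the
     * C standard leaves the overflow undefined, so refuse it up front.
     * The same pair must be refused for %, which also compiles to idiv. */
    if (dividend == INT_MIN && divisor == -1)
        return DIV_OVERFLOW;
    *quotient  = dividend / divisor;
    *remainder = dividend % divisor;
    return DIV_OK;
}

int main(void)
{
    /* constructed operand pairs, including the two that must be refused */
    const int cases[][2] = {
        { 7, 2 }, { -7, 2 }, { 5, 0 }, { INT_MIN, -1 }, { INT_MIN, 1 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int q = 0, r = 0;
        enum div_status s = checked_divmod_i32(cases[i][0], cases[i][1], &q, &r);
        if (s == DIV_OK)
            printf("%d / %d = %d rem %d\n", cases[i][0], cases[i][1], q, r);
        else
            printf("%d / %d -> refused (%s)\n", cases[i][0], cases[i][1],
                   s == DIV_BY_ZERO ? "divide by zero" : "overflow");
    }
    return 0;
}
```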
Hi TyRoXx,

I wasn't aware of this situation. I'll have it corrected asap.

And, yes, AngelScript does constant folding so I'll need to check the code there too. I suppose the 64bit division instruction works in a similar manner too.

Thanks for the report and very detailed explanation.

Regards,

Andreas

I've added the checks for this situation in revision 1590.

Thanks,

Andreas
