Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Negating or taking absolute values of maximally-negative OverflowSafeInt may result in undefined behaviour #8284

Closed
techgeeknz opened this issue Jul 29, 2020 · 1 comment · Fixed by #9451
Closed

Negating or taking absolute values of maximally-negative OverflowSafeInt may result in undefined behaviour #8284

techgeeknz opened this issue Jul 29, 2020 · 1 comment · Fixed by #9451

Comments

@techgeeknz
Copy link
Contributor

techgeeknz commented Jul 29, 2020
edited

As mentioned in #7924, OverflowSafeInt can produce incorrect results when the value underflows. This appears to be the result of undefined behaviour caused by taking the inverse or absolute value of T_MIN; the magnitude of which cannot usually be represented as a positive value of the same integer type.

I am not yet familiar with OpenTTD's continuous integration and regression testing system; however, I have an idea to work around the issue using typecasts to unsigned integers where appropriate.
techgeeknz added a commit to techgeeknz/OpenTTD that referenced this issue Jul 30, 2020
@techgeeknz
Fix: Avoid undefined behaviour in OverflowSafeInt
934bada 
Rewrite to avoid taking the absolute value of a maximally-negative
integer. Fixes OpenTTD#8284
techgeeknz added a commit to techgeeknz/OpenTTD that referenced this issue Jul 30, 2020
@techgeeknz
Fix: Avoid undefined behaviour in OverflowSafeInt
4022993 
Rewrite to avoid taking the absolute value of a maximally-negative
integer. Fixes OpenTTD#8284
@techgeeknz techgeeknz mentioned this issue Jul 30, 2020
Closed
@James103
Copy link
Contributor

James103 commented Aug 5, 2020

This can also lead to the following exploit, which was used to produce test cases for #8253 and JGRennison/OpenTTD-patches#164:

  1. Start a new game with any loan interest rate. For the fastest reproduction, set your loan interest rate to 4%.
  2. Max out your loan (ctrl-click "Borrow 10,000").
  3. Wait and fast forward for ~800 in-game years.
  4. Your money should now be equal (or very close to) INT64_MAX.

techgeeknz added a commit to techgeeknz/OpenTTD that referenced this issue Aug 23, 2020
@techgeeknz
Fix: Avoid undefined behaviour in OverflowSafeInt
cc36b7b 
Rewrite to avoid taking the absolute value of a maximally-negative
integer. Fixes OpenTTD#8284
techgeeknz added a commit to techgeeknz/OpenTTD that referenced this issue Aug 31, 2020
@techgeeknz
Fix: Avoid undefined behaviour in OverflowSafeInt
a5e7bb3 
Rewrite to avoid taking the absolute value of a maximally-negative
integer. Fixes OpenTTD#8284
JGRennison added a commit to JGRennison/OpenTTD-patches that referenced this issue Oct 2, 2020
@JGRennison
Fix OverflowSafeInt negation not handling INT64_MIN
609f37c 
See: OpenTTD/OpenTTD#8284
JGRennison added a commit to JGRennison/OpenTTD-patches that referenced this issue Oct 2, 2020
@JGRennison
Fix OverflowSafeInt INT64_MIN handling when not using overflow builtins
db0e25f 
See: OpenTTD/OpenTTD#8284
@LordAro LordAro mentioned this issue Jul 19, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@techgeeknz @James103