Fix undefined behavior in parse_int and add UBSan build script

Fix signed integer overflow when parsing INT_MIN (-2147483648) by negating in int64_t space before casting to int32_t. The previous code attempted to negate the result after casting, which is undefined behavior for INT_MIN. Also add bootstrap-cmake-linux-ubsan.sh for UBSan builds. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-18 01:11:17 +01:00 · 2026-01-09 07:50:28 +09:00
parent 9372bf99af
commit 744f6fcc8f
2 changed files with 13 additions and 1 deletions
--- a/scripts/bootstrap-cmake-linux-ubsan.sh
+++ b/scripts/bootstrap-cmake-linux-ubsan.sh
@@ -0,0 +1,12 @@
+curdir=`pwd`
+
+builddir=${curdir}/build_ubsan
+
+rm -rf ${builddir}
+mkdir ${builddir}
+
+cd ${builddir} && CXX=clang++ CC=clang cmake \
+  -DSANITIZE_UNDEFINED=1 \
+  -DCMAKE_VERBOSE_MAKEFILE=1 \
+  ..
+
--- a/src/tiny-string.cc
+++ b/src/tiny-string.cc
@@ -369,7 +369,7 @@ bool parse_int(const tstring_view &sv, int32_t *ret) {
    }
  }
  
-  *ret = negative ? -static_cast<int32_t>(result) : static_cast<int32_t>(result);
+  *ret = static_cast<int32_t>(negative ? -result : result);
  return true;
 }