Some asserts to demonstrate undefined behaviour

Author: matthiasgoergens

Modules/_ctypes/cfield.c

@@ -419,11 +419,13 @@ get_ulonglong(PyObject *v, unsigned long long *p)
 */
 #define GET_BITFIELD(v, size)                                           \
     if (NUM_BITS(size)) {                                               \
+        assert(0 <= v);                                                 \
         v <<= (sizeof(v)*8 - LOW_BIT(size) - NUM_BITS(size));           \
         v >>= (sizeof(v)*8 - NUM_BITS(size));                           \
     }
 
-/* This macro RETURNS the first parameter with the bit field CHANGED. */
+/* This macro RETURNS the second parameter (x) with the bit field CHANGED. */
+// TODO: this one has UB, but I can't quite figure out the assert.
 #define SET(type, x, v, size)                                                 \
     (NUM_BITS(size) ?                                                   \
      ( ( (type)x & ~(BIT_MASK(type, size) << LOW_BIT(size)) ) | ( ((type)v & BIT_MASK(type, size)) << LOW_BIT(size) ) ) \
@@ -769,6 +771,15 @@ l_set(void *ptr, PyObject *value, Py_ssize_t size)
     if (get_long(value, &val) < 0)
         return NULL;
     memcpy(&x, ptr, sizeof(x));
+    assert(
+        (NUM_BITS(size) - 1) < 63
+        );
+    assert(
+        NUM_BITS(size) ? (0 <= BIT_MASK(long, size)) : true
+    );
+
+    // TODO: figure out the proper assert here.
+    // Modules/_ctypes/cfield.c:789:9: runtime error: left shift of 1 by 63 places cannot be represented in type 'long'
     x = SET(long, x, val, size);
     memcpy(ptr, &x, sizeof(x));
     _RET(value);

Modules/_struct.c

@@ -812,11 +812,16 @@ bu_int(_structmodulestate *state, const char *p, const formatdef *f)
     Py_ssize_t i = f->size;
     const unsigned char *bytes = (const unsigned char *)p;
     do {
+        assert(0 <= x);
+        assert(x <= (LLONG_MAX>>8));
         x = (x<<8) | *bytes++;
     } while (--i > 0);
     /* Extend the sign bit. */
-    if (SIZEOF_LONG > f->size)
+    if (SIZEOF_LONG > f->size) {
+        assert(8 * f->size - 1 < 8 * SIZEOF_LONG_LONG - 1);
+        assert(0 <= 8 * f->size - 1);
         x |= -(x & (1L << ((8 * f->size) - 1)));
+    }
     return PyLong_FromLong(x);
 }
 
@@ -839,11 +844,16 @@ bu_longlong(_structmodulestate *state, const char *p, const formatdef *f)
     Py_ssize_t i = f->size;
     const unsigned char *bytes = (const unsigned char *)p;
     do {
+        assert(x >= 0);
+        assert(x <= (LLONG_MAX>>8));
         x = (x<<8) | *bytes++;
     } while (--i > 0);
     /* Extend the sign bit. */
-    if (SIZEOF_LONG_LONG > f->size)
+    if (SIZEOF_LONG_LONG > f->size) {
+        assert(8 * f->size - 1 < 8 * SIZEOF_LONG_LONG - 1);
+        assert(0 <= 8 * f->size - 1);
         x |= -(x & ((long long)1 << ((8 * f->size) - 1)));
+    }
     return PyLong_FromLongLong(x);
 }
 
@@ -1033,11 +1043,16 @@ lu_int(_structmodulestate *state, const char *p, const formatdef *f)
     Py_ssize_t i = f->size;
     const unsigned char *bytes = (const unsigned char *)p;
     do {
+        assert(0 <= x);
+        assert(x <= (LONG_MAX>>8));
         x = (x<<8) | bytes[--i];
     } while (i > 0);
     /* Extend the sign bit. */
-    if (SIZEOF_LONG > f->size)
+    if (SIZEOF_LONG > f->size) {
+        assert(8 * f->size - 1 < 8 * SIZEOF_LONG - 1);
+        assert(0 <= 8 * f->size - 1);
         x |= -(x & (1L << ((8 * f->size) - 1)));
+    }
     return PyLong_FromLong(x);
 }
 
@@ -1060,11 +1075,16 @@ lu_longlong(_structmodulestate *state, const char *p, const formatdef *f)
     Py_ssize_t i = f->size;
     const unsigned char *bytes = (const unsigned char *)p;
     do {
+        assert(0 <= x);
+        assert(x <= (LLONG_MAX>>8));
         x = (x<<8) | bytes[--i];
     } while (i > 0);
     /* Extend the sign bit. */
-    if (SIZEOF_LONG_LONG > f->size)
+    if (SIZEOF_LONG_LONG > f->size) {
+        assert(8 * f->size - 1 < 8 * SIZEOF_LONG_LONG - 1);
+        assert(0 <= 8 * f->size - 1);
         x |= -(x & ((long long)1 << ((8 * f->size) - 1)));
+    }
     return PyLong_FromLongLong(x);
 }
 

Modules/_testcapimodule.c

@@ -4918,6 +4918,7 @@ meth_fastcall_keywords(PyObject* self, PyObject* const* args,
     if (pyargs == NULL) {
         return NULL;
     }
+    assert(args != NULL);
     PyObject *pykwargs = PyObject_Vectorcall((PyObject*)&PyDict_Type,
                                               args + nargs, 0, kwargs);
     return Py_BuildValue("NNN", _null_to_none(self), pyargs, pykwargs);

Modules/audioop.c

@@ -170,6 +170,7 @@ st_14linear2ulaw(int16_t pcm_val)       /* 2's complement (14-bit range) */
     if (seg >= 8)           /* out of range, return maximum value. */
         return (unsigned char) (0x7F ^ mask);
     else {
+        assert(0 <= seg);
         uval = (unsigned char) (seg << 4) | ((pcm_val >> (seg + 1)) & 0xF);
         return (uval ^ mask);
     }
@@ -346,11 +347,16 @@ static const int stepsizeTable[89] = {
             SETINT32((cp), (i), (val));         \
     } while(0)
 
+static inline int lshift_safe(int x, Py_ssize_t b) {
+    assert(0 <= x);
+    assert(x <= (INT_MAX >> b));
+    return x << b;
+}
 
 #define GETSAMPLE32(size, cp, i)  (                     \
-        (size == 1) ? (int)GETINT8((cp), (i)) << 24 :   \
-        (size == 2) ? (int)GETINT16((cp), (i)) << 16 :  \
-        (size == 3) ? (int)GETINT24((cp), (i)) << 8 :   \
+        (size == 1) ? lshift_safe((int)GETINT8((cp), (i)), 24) :   \
+        (size == 2) ? lshift_safe((int)GETINT16((cp), (i)), 16) :  \
+        (size == 3) ? lshift_safe((int)GETINT24((cp), (i)), 8) :   \
                       (int)GETINT32((cp), (i)))
 
 #define SETSAMPLE32(size, cp, i, val)  do {     \
@@ -1558,6 +1564,7 @@ audioop_ulaw2lin_impl(PyObject *module, Py_buffer *fragment, int width)
 
     cp = fragment->buf;
     for (i = 0; i < fragment->len*width; i += width) {
+        assert(0 <= st_ulaw2linear16(*cp));
         int val = st_ulaw2linear16(*cp++) << 16;
         SETSAMPLE32(width, ncp, i, val);
     }
@@ -1632,6 +1639,7 @@ audioop_alaw2lin_impl(PyObject *module, Py_buffer *fragment, int width)
     cp = fragment->buf;
 
     for (i = 0; i < fragment->len*width; i += width) {
+        assert(0 <= st_alaw2linear16(*cp));
         val = st_alaw2linear16(*cp++) << 16;
         SETSAMPLE32(width, ncp, i, val);
     }
@@ -1757,6 +1765,7 @@ audioop_lin2adpcm_impl(PyObject *module, Py_buffer *fragment, int width,
 
         /* Step 6 - Output value */
         if ( bufferstep ) {
+            assert (0 <= delta);
             outputbuffer = (delta << 4) & 0xf0;
         } else {
             *ncp++ = (delta & 0x0f) | outputbuffer;
@@ -1875,6 +1884,7 @@ audioop_adpcm2lin_impl(PyObject *module, Py_buffer *fragment, int width,
         step = stepsizeTable[index];
 
         /* Step 6 - Output value */
+        assert(0 <= valpred);
         SETSAMPLE32(width, ncp, i, valpred << 16);
     }
 

Python/ceval.c

@@ -5532,6 +5532,7 @@ initialize_locals(PyThreadState *tstate, PyFunctionObject *func,
     /* Pack other positional arguments into the *args argument */
     if (co->co_flags & CO_VARARGS) {
         PyObject *u = NULL;
+        assert(args != NULL);
         u = _PyTuple_FromArraySteal(args + n, argcount - n);
         if (u == NULL) {
             goto fail_post_positional;