Ticket #229 (new bug)

Opened 9 years ago

Last modified 4 years ago

Integer overflow in array allocation

Reported by: josefs Owned by:
Priority: low Milestone: _|_
Component: libraries/base Version: 6.4.1
Keywords: Cc:
Operating System: Unknown/Multiple Architecture: Unknown/Multiple
Type of failure: None/Unknown Difficulty: Unknown
Test Case: Blocked By:
Blocking: Related Tickets:

Description (last modified by josef) (diff)

When asked to create a sufficiently large array ghci coredumps. 

\begin{code}
import Data.Array.ST
import Control.Monad.ST
import GHC.Base

example = runST (do arr <- newArray (minInt,maxInt) 
False
		    go arr)
  where go :: STArray s Int Bool -> ST s Bool
	go arr = readArray arr 3
\end{code}

Load this into ghci and type 'example'.

Change History

Changed 9 years ago by simonmar 

Logged In: YES 
user_id=48280

There may be several problems here.   One is integer
overflow in Storage.c:allocate() when calculating the number
of blocks for the allocation request.  

Another problem is integer overflow in rangeSize: the
rangeSize for (minInt,maxInt) doesn't fit in an Int.  I'm
not sure what the correct outcome should be.  I'll look into
this some more later.

Changed 9 years ago by simonmar

  • summary changed from ghci coredumps to Integer overflow in array allocation

Changed 7 years ago by simonmar

  • difficulty set to Unknown
  • version changed from None to 6.4.1
  • os set to Unknown
  • architecture set to Unknown
  • description modified (diff)

Changed 7 years ago by simonmar

  • priority changed from lowest to low

see also #770

Changed 7 years ago by simonmar

see also #871

Changed 7 years ago by igloo

  • milestone set to 6.8

Changed 6 years ago by simonmar

  • owner simonmar deleted
  • status changed from assigned to new

Changed 6 years ago by simonmar

  • milestone changed from 6.8 branch to _|_

Changed 5 years ago by simonmar

  • architecture changed from Unknown to Unknown/Multiple

Changed 5 years ago by simonmar

  • os changed from Unknown to Unknown/Multiple

Changed 4 years ago by StefanWehr

  • failure set to None/Unknown

With ghci 6.10.4 on Linux the problem no longer occurs. (You get an "Exception: Error in array index" instead of a core dump.) The bug seems to be fixed but I did not dare to change the status.

Changed 4 years ago by simonmar

  • status changed from new to closed
  • resolution changed from None to fixed

Thanks Stefan!

Changed 4 years ago by josef

  • description modified (diff)

Using the bounds (minInt,maxInt) was probably the wrong thing todo. My concern when filing the bug report was not the arithmetic overflow but the fact that ghci crashes when it tries to allocate a too large an array. It is still possible to provoke a crash if you change the array bounds to, say, (2,maxInt). Should I open a new ticket or reopen this one?

Changed 4 years ago by simonmar

  • status changed from closed to reopened
  • resolution fixed deleted

Ok, re-opening.

Note: See TracTickets for help on using tickets.