ksh93/ksh

Infinite loop when evaluating ((-2**63/-1))

oliwer opened this issue · 1 comments

oliwer commented

Using Korn Shell Version AJM 93u+m/1.0.8 2024-01-01 on Linux amd64, the following command causes ksh to run into an infinite loop. I had to kill -9 it:

echo $((-2**63/-1))

I ran a quick gdb, and it seems this line is the culprit:

ksh/src/cmd/ksh93/sh/streval.c

Line 359 in 7170ac0

num = U2F((Sfulong_t)(sp[-1]) / (Sfulong_t)(num));

The variable sp[-1] holds a negative long double (-9223372036854775808) which we are casting to an unsigned long. Looks like a similar issue to #770

McDutchie commented

I don't have access to Linux x86_64 right now, but on FreeBSD x86_64, the symptom is:

$ arch/freebsd13.i386-64/bin/ksh -c 'echo $((-2**63/-1))'
Floating exception(coredump)

Yes, looks like a workaround similar to the one that fixed #770 might work — though the real problem here is #771, which is not getting fixed anytime soon I'm afraid :(