From: David Laight <david.laight.linux@gmail.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: David Desobry <david.desobry@formalgen.com>,
tglx@kernel.org, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86/lib: Fix num_digits() signed overflow for INT_MIN
Date: Tue, 20 Jan 2026 18:58:56 +0000 [thread overview]
Message-ID: <20260120185856.3d74efcb@pumpkin> (raw)
In-Reply-To: <53DB5B87-BA96-44B1-AE1B-9055CB7B9350@zytor.com>
On Tue, 20 Jan 2026 08:23:16 -0800
"H. Peter Anvin" <hpa@zytor.com> wrote:
> On January 20, 2026 1:42:58 AM PST, David Desobry <david.desobry@formalgen.com> wrote:
> >In num_digits(), the negation of the input value "val = -val"
> >causes undefined behavior when val is INT_MIN, as its absolute
> >value cannot be represented as a signed 32-bit integer.
> >
> >This leads to incorrect results (returning 2 instead of 11).
> >By promoting the value to long long before negation, we ensure
> >the absolute value is correctly handled.
> >
> >Signed-off-by: David Desobry <david.desobry@formalgen.com>
> >---
> > arch/x86/lib/misc.c | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> >diff --git a/arch/x86/lib/misc.c b/arch/x86/lib/misc.c
> >index 40b81c338ae5..c975db6ccb9f 100644
> >--- a/arch/x86/lib/misc.c
> >+++ b/arch/x86/lib/misc.c
> >@@ -8,15 +8,16 @@
> > */
> > int num_digits(int val)
> > {
> >+ long long v = val;
> > long long m = 10;
> > int d = 1;
> >
> >- if (val < 0) {
> >+ if (v < 0) {
> > d++;
> >- val = -val;
> >+ v = -v;
> > }
> >
> >- while (val >= m) {
> >+ while (v >= m) {
> > m *= 10;
> > d++;
> > }
>
> That has got to be the dumbest possible implementation of that task, bug or no bug.
And you really don't want to be doing 64bit maths on a 32bit system.
> A switch statement would be simpler and faster.
I think you mean a chain of if statement - you'd need a lot of them.
But you could have:
if (val < 0) {
if (val < -999999999)
return 11;
val = -val;
d++;
} else {
if (val > 999999999)
return 10;
}
then use whatever scheme looks best.
David
prev parent reply other threads:[~2026-01-20 18:59 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-20 9:42 [PATCH] x86/lib: Fix num_digits() signed overflow for INT_MIN David Desobry
2026-01-20 16:23 ` H. Peter Anvin
2026-01-20 16:40 ` Borislav Petkov
2026-01-20 18:02 ` H. Peter Anvin
2026-01-20 18:17 ` H. Peter Anvin
2026-01-20 19:16 ` Borislav Petkov
2026-01-20 19:50 ` H. Peter Anvin
2026-01-20 20:13 ` Borislav Petkov
2026-01-21 10:59 ` David Laight
[not found] ` <14738799-afb2-428b-9829-f1ed038f3872@formalgen.com>
2026-01-20 20:24 ` H. Peter Anvin
2026-01-20 21:22 ` Borislav Petkov
2026-01-20 21:21 ` Borislav Petkov
2026-01-20 17:48 ` David Desobry
2026-01-20 22:15 ` David Laight
2026-01-20 18:58 ` David Laight [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260120185856.3d74efcb@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=david.desobry@formalgen.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox