panic: attempt to add with overflow

[lxyyyy09]

I'm using libc v0.2.171. I encountered panic thread 'main' panicked at /playground/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/libc-0.2.172/src/unix/linux_like/linux/mod.rs:6120:10: attempt to add with overflow and thread 'main' panicked at library/core/src/panicking.rs:218:5: panic in a function that cannot unwind when running the following example. This example can be reproduced in Rust playground.

fn _to_u64(data:&[u8], index:usize)->u64 {
    let data0 = _to_u32(data, index) as u64;
    let data1 = _to_u32(data, index+4) as u64;
    data0 << 32 | data1
}

fn _to_usize(data:&[u8], index:usize)->usize {
    _to_u64(data, index) as usize
}

fn _to_u32(data:&[u8], index:usize)->u32 {
    let data0 = _to_u16(data, index) as u32;
    let data1 = _to_u16(data, index+2) as u32;
    data0 << 16 | data1
}

fn _to_u8(data:&[u8], index:usize)->u8 {
    data[index]
}

fn _to_u16(data:&[u8], index:usize)->u16 {
    let data0 = _to_u8(data, index) as u16;
    let data1 = _to_u8(data, index+1) as u16;
    data0 << 8 | data1
}


fn test_function0(_param0 :usize) {
    unsafe {
        let _ = libc::TPACKET_ALIGN(_param0);
    }
}

fn main() {
    //actual body emit
    let data=[0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff];
    if data.len() != 8 {return;}
    let _param0 = _to_usize(&data, 0);
    test_function0(_param0);
}

[ptrca]

The panic indicates a bug in the user program.
What does TPACKET_ALIGN(u64:MAX) even mean? Anyway, libc could use wrapping operators for that macro if desired.

[tgross35]

Agreed, what is going on in the code? Most of the repro isn't relevant, it's just constructing a u64::MAX from an array and passing that to TPACKET_ALIGN as @ptrca said. (It's doing so in a rather convoluted way if you need to read from an array of bytes btw, u64::from_{be,ne,le}_bytes(...) exists).

IMO it's better to overflow than to quietly wrap on nonsensical inputs, so I'm going to close this. Please still feel free to follow up here if you have further details.