Fix ICE caused by seeking past i64::MAX

2024-06-20 17:21:19 +08:00 · 2024-06-20 17:21:19 +08:00 · c7413154e1
commit c7413154e1
parent 66ad792c4e
2 changed files with 29 additions and 1 deletions
--- a/src/tools/miri/src/shims/unix/fs.rs
+++ b/src/tools/miri/src/shims/unix/fs.rs
@ -395,7 +395,14 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
        // Isolation check is done via `FileDescriptor` trait.

        let seek_from = if whence == this.eval_libc_i32("SEEK_SET") {
-            SeekFrom::Start(u64::try_from(offset).unwrap())
+            if offset < 0 {
+                // Negative offsets return `EINVAL`.
+                let einval = this.eval_libc("EINVAL");
+                this.set_last_error(einval)?;
+                return Ok(Scalar::from_i64(-1));
+            } else {
+                SeekFrom::Start(u64::try_from(offset).unwrap())
+            }
        } else if whence == this.eval_libc_i32("SEEK_CUR") {
            SeekFrom::Current(i64::try_from(offset).unwrap())
        } else if whence == this.eval_libc_i32("SEEK_END") {
--- a/src/tools/miri/tests/pass/issues/issue-miri-3680.rs
+++ b/src/tools/miri/tests/pass/issues/issue-miri-3680.rs
@ -0,0 +1,21 @@
+//@ignore-target-windows: File handling is not implemented yet
+//@compile-flags: -Zmiri-disable-isolation
+
+use std::fs::remove_file;
+use std::io::{ErrorKind, Seek};
+
+#[path = "../../utils/mod.rs"]
+mod utils;
+
+fn main() {
+    let path = utils::prepare("miri_test_fs_seek_i64_max_plus_1.txt");
+
+    let mut f = std::fs::File::create(&path).unwrap();
+    let error = f.seek(std::io::SeekFrom::Start(i64::MAX as u64 + 1)).unwrap_err();
+
+    // It should be error due to negative offset.
+    assert_eq!(error.kind(), ErrorKind::InvalidInput);
+
+    // Cleanup
+    remove_file(&path).unwrap();
+}