After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 144980 - gnc-numeric integer overflow (multiply, others?)
gnc-numeric integer overflow (multiply, others?)
Status: VERIFIED FIXED
Product: GnuCash
Classification: Other
Component: Engine
git-master
Other Linux
: Normal normal
: ---
Assigned To: linas
linas
Depends on:
Blocks:
 
 
Reported: 2004-06-25 13:52 UTC by Derek Atkins
Modified: 2018-06-29 20:44 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Derek Atkins 2004-06-25 13:52:08 UTC 
gnc-numeric doesn't properly multiply certain large numbers.  E.g.:

multiply (LCD): [1000000 / 1000000] * [10000000000000 / 1000000] =
[-8446744073709 / 1000000]

In particular, the problem appears to be when 2^63 <= num*num < 2^64 it wont
catch the fact that the number actually DID "carry"...  It's unclear if this
problem exists with other gnc-numeric operations other than multiply.  They
should all get tested.

This is a problem in both 1.8 and HEAD.
Comment 1 Derek Atkins 2004-06-25 16:16:39 UTC 
I commited some code into HEAD that I think fixes this problem.

Linas, can you audit?  Should we backport the 128-bit math to 1.8?
Comment 2 linas 2004-06-26 06:45:15 UTC 
I haven't yet tried to understand why that fix works, but it seems to, 
it passes the multiply & divide tests.  (I had to add the same fix in 
divide code as well). 
 
Backport the entire gnc-numeric.c file to the 1.8 branch, I think its 
completely compatible.
Comment 3 Derek Atkins 2004-06-26 13:22:08 UTC 
The problem is that a gnc_numeric numerator is a gint64, but the gncint128.lo is
a guint64.  That means we have an overflow condition when bigprod.hi > 0 __OR__
the 64th bit is set in bigprod.lo.  So basically I'm testing for "number >= 2^63".

We should make sure it still works when dealing with negative numbers, but I
think it does because you have a separate "isneg" flag.

Does this explain why the fix works?
Comment 4 Derek Atkins 2004-06-26 18:09:28 UTC 
FYI, there's still an overflow bug in gnc_numeric_div().  I just committed a new
test in test-numeric that shows the problem:

FAILURE expected [2578135489 / 7617691200] got <ERROR> [-2 / 0] =
[782592055622866 / 89025] / [2222554708930978 / 85568] for div round
test-numeric.c:76 

I should add that I'm not 100% sure that the expected value is correct, but -2/0
is certainly not correct ;)

This bug is causing test-query to fail as well.
Comment 5 Derek Atkins 2004-06-26 18:11:04 UTC 
FYI, the expected value could be 2578135489763407 / 7617691200000000
Comment 6 linas 2004-06-27 15:43:56 UTC 
The division problem appears to be a true overflow, the denominator, even 
after reducing all common factors, still won't fit into a 64-bit int.  
I think the bug is now fixed in head, needs to be ported to 1.8 branch
Comment 7 Derek Atkins 2004-06-27 15:58:37 UTC 
Well, there's still the problem that other tests are failing because they
generate random numbers that fail in this particular manner.  That's where I got
this particular test-case from -- from stepping through another test and
noticing the numbers they had.

Other than limiting the randomness of "random" gnc-numerics in the tests, I
don't know what other way to "fix" this if this really is a division overflow.
Comment 8 linas 2004-07-07 06:25:46 UTC 
OK, there's been a huge amount of work on gnc-numeric,  
I hope we've nailed all the bugs.
Comment 9 John Ralls 2018-06-29 20:44:28 UTC 
GnuCash bug tracking has moved to a new Bugzilla host. This bug has been copied to https://bugs.gnucash.org/show_bug.cgi?id=144980. Please update any external references or bookmarks.