From: Hiro Asari <redmine@...>
Date: 2009-09-02T14:45:56+09:00
Subject: [ruby-core:25263] [Bug #2030] Math.gamma(x) seg faults for integer x larger than 2<<63-1

Issue #2030 has been updated by Hiro Asari.


Yes, the patch appers to work.

surfboard:ruby[svn:24735]$ make math.S && sed -n '/^_math_gamma:/,/^[._]/p' math.S
gcc -O3 -g -Wall -Wno-unused-parameter -Wno-parentheses -Wno-missing-field-initializers -Wshorten-64-to-32 -Wpointer-arith -Wwrite-strings  -pipe -I. -I.ext/include/i386-darwin10.0.0 -I./include -I. -DRUBY_EXPORT -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE   -o math.S -S math.c
_math_gamma:
LFB63:
	.loc 1 639 0
LVL167:
	pushq	%rbp
LCFI62:
	movq	%rsp, %rbp
LCFI63:
	subq	$32, %rsp
LCFI64:
LBB271:
LBB273:
	.loc 2 1203 0
	testb	$3, %sil
	je	L346
LBE273:
	.loc 2 1204 0
	testb	$1, %sil
	je	L377
L348:
LBE271:
	.loc 1 669 0
	movq	%rsi, %rdi
LVL168:
	call	_rb_to_float
LVL169:
	movq	%rax, %rsi
LVL170:
L355:
	.loc 1 670 0
	movsd	16(%rsi), %xmm0
	movsd	%xmm0, -32(%rbp)
LVL171:
	.loc 1 671 0
	leaq	-8(%rbp), %rdi
LVL172:
	call	_modf
LVL173:
	.loc 1 672 0
	xorpd	%xmm1, %xmm1
	ucomisd	%xmm1, %xmm0
	jne	L356
	jp	L356
	movsd	-8(%rbp), %xmm0
LVL174:
	ucomisd	%xmm1, %xmm0
	jbe	L356
	ucomisd	LC34(%rip), %xmm0
	jbe	L378
L356:
	.loc 1 677 0
	call	___error
	movl	$0, (%rax)
	.loc 1 678 0
	movsd	-32(%rbp), %xmm0
	call	_tgamma
	movsd	%xmm0, -24(%rbp)
LVL175:
	movsd	-32(%rbp), %xmm0
	ucomisd	%xmm0, %xmm0
	jne	L371
	jp	L371
	movsd	-24(%rbp), %xmm0
	ucomisd	%xmm0, %xmm0
	jne	L374
	jp	L374
L371:
LBB275:
	.loc 1 29 0
	call	___error
LBB276:
	movl	(%rax), %edi
	testl	%edi, %edi
	jne	L368
LBE276:
LBE275:
	.loc 1 680 0
	movsd	-24(%rbp), %xmm0
	call	_rb_float_new
	.loc 1 681 0
	leave
	ret
LVL176:
L346:
LBB280:
LBB272:
	.loc 2 1209 0
	testq	$-5, %rsi
	jne	L352
	.loc 2 1210 0
	cmpq	$4, %rsi
	je	L348
	.loc 2 1211 0
	testq	%rsi, %rsi
	je	L348
L352:
LBE272:
LBE280:
	.loc 1 669 0
	movl	(%rsi), %eax
	andl	$31, %eax
	cmpl	$4, %eax
	jne	L348
	jmp	L355
L377:
LBB281:
LBB274:
	.loc 2 1205 0
	cmpq	$2, %rsi
	je	L348
	.loc 2 1206 0
	cmpb	$14, %sil
	je	L348
	.loc 2 1207 0
	cmpq	$6, %rsi
	jne	L352
	jmp	L348
LVL177:
L378:
LBE274:
LBE281:
	.loc 1 672 0
	jp	L356
	.loc 1 675 0
	cvttsd2si	%xmm0, %eax
	cltq
	leaq	-8+_fact_table.7022(%rip), %rdx
	movsd	(%rdx,%rax,8), %xmm0
	call	_rb_float_new
	.loc 1 681 0
	leave
	ret
LVL178:
L368:
LBB282:
LBB277:
	.loc 1 30 0
	leaq	LC29(%rip), %rdi
	call	_rb_sys_fail
L374:
LBE277:
	.loc 1 29 0
	call	___error
LBB278:
	movl	(%rax), %r8d
	testl	%r8d, %r8d
	jne	L368
LBE278:
	.loc 1 35 0
	call	___error
LBB279:
	movl	$33, (%rax)
	jmp	L374
LBE279:
LBE282:
LFE63:
	.align 4,0x90
_math_sqrt:

----------------------------------------
http://redmine.ruby-lang.org/issues/show/2030

----------------------------------------
http://redmine.ruby-lang.org