Richard Henderson <richard.hender...@linaro.org> writes:
> Without bounding the increment, we can overflow exp either here
> in scalbn_decomposed or when adding the bias in round_canonical.
> This can result in e.g. underflowing to 0 instead of overflowing
> to infinity.
>
> The old softfloat code did bound the increment.
>
> Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
> ---
> fpu/softfloat.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/fpu/softfloat.c b/fpu/softfloat.c
> index ba6e654050..a589f328c9 100644
> --- a/fpu/softfloat.c
> +++ b/fpu/softfloat.c
> @@ -1883,6 +1883,12 @@ static FloatParts scalbn_decomposed(FloatParts a, int
> n, float_status *s)
> return return_nan(a, s);
> }
> if (a.cls == float_class_normal) {
> + /* The largest float type (even though not supported by FloatParts)
> + * is float128, which has a 15 bit exponent. Bounding N to 16 bits
> + * still allows rounding to infinity, without allowing overflow
> + * within the int32_t that backs FloatParts.exp.
> + */
> + n = MIN(MAX(n, -0x10000), 0x10000);
> a.exp += n;
> }
> return a;
Reviewed-by: Alex Bennée <alex.ben...@linaro.org>
Tested-by: Alex Bennée <alex.ben...@linaro.org>
(risu FWIW although it obviously didn't catch this failure ;-)
--
Alex Bennée
