fix potential IV overflow in do_sv_dump()

mauke · mauke · commit 76f02b3a6f5e · 2025-09-16T07:10:34.000+02:00
Coverity says:

    CID 584102:         Insecure data handling  (INTEGER_OVERFLOW)
    The cast of "S_sequence_num(my_perl, ((XPVCV *)({...; p_;}))-&gt;xcv_start_u.xcv_start)" to a signed type could result in a negative number.

Avoid the issue by taking the UV returned by sequence_num and printing
it directly (without going through IV conversion).
diff --git a/dump.c b/dump.c
@@ -2797,9 +2797,9 @@ Perl_do_sv_dump(pTHX_ I32 level, PerlIO *file, SV *sv, I32 nest, I32 maxnest, bo
                                  PTR2UV(CvSTART(sv)));
                 else
                     Perl_dump_indent(aTHX_ level, file,
-                                 "  START = 0x%" UVxf " ===> %" IVdf "\n",
+                                 "  START = 0x%" UVxf " ===> %" UVuf "\n",
                                  PTR2UV(CvSTART(sv)),
-                                 (IV)sequence_num(CvSTART(sv)));
+                                 sequence_num(CvSTART(sv)));
             }
             Perl_dump_indent(aTHX_ level, file, "  ROOT = 0x%" UVxf "\n",
                              PTR2UV(CvROOT(sv)));
