py/mpz: Avoid undefined behavior decrementing NULL.

jepler · dpgeorge · commit 0ef5ede3823e · 2025-06-16T12:11:07.000+10:00
In the case where an mpz number is zero, its `len` is 0 and its `dig` is
NULL.  In that case, decrementing NULL via `d--` is undefined behavior
according to the C specification.

Restructuring the loops in this way avoids undefined behavior.

Also, ensure that these cases are tested in the coverage test.  This
doesn't make much difference now, but would otherwise cause errors later
when the undefined behavior sanitizer is employed in CI.

Signed-off-by: Jeff Epler &lt;jepler@gmail.com&gt;
diff --git a/ports/unix/coverage.c b/ports/unix/coverage.c
@@ -475,6 +475,18 @@ static mp_obj_t extra_coverage(void) {
         mp_int_t value_signed;
         mpz_as_int_checked(&mpz, &value_signed);
         mp_printf(&mp_plat_print, "%d\n", (int)value_signed);
+
+        // hash the zero mpz integer
+        mpz_set_from_int(&mpz, 0);
+        mp_printf(&mp_plat_print, "%d\n", mpz_hash(&mpz));
+
+        // convert the mpz zero integer to int
+        mp_printf(&mp_plat_print, "%d\n", mpz_as_int_checked(&mpz, &value_signed));
+        mp_printf(&mp_plat_print, "%d\n", value_signed);
+
+        // mpz_set_from_float with 0 as argument
+        mpz_set_from_float(&mpz, 0);
+        mp_printf(&mp_plat_print, "%f\n", mpz_as_float(&mpz));
     }
 
     // runtime utils
diff --git a/py/mpz.c b/py/mpz.c
@@ -1537,7 +1537,8 @@ mp_int_t mpz_hash(const mpz_t *z) {
     mp_uint_t val = 0;
     mpz_dig_t *d = z->dig + z->len;
 
-    while (d-- > z->dig) {
+    while (d > z->dig) {
+        d--;
         val = (val << DIG_SIZE) | *d;
     }
 
@@ -1552,11 +1553,12 @@ bool mpz_as_int_checked(const mpz_t *i, mp_int_t *value) {
     mp_uint_t val = 0;
     mpz_dig_t *d = i->dig + i->len;
 
-    while (d-- > i->dig) {
+    while (d > i->dig) {
         if (val > (~(MP_OBJ_WORD_MSBIT_HIGH) >> DIG_SIZE)) {
             // will overflow
             return false;
         }
+        d--;
         val = (val << DIG_SIZE) | *d;
     }
 
@@ -1577,11 +1579,12 @@ bool mpz_as_uint_checked(const mpz_t *i, mp_uint_t *value) {
     mp_uint_t val = 0;
     mpz_dig_t *d = i->dig + i->len;
 
-    while (d-- > i->dig) {
+    while (d > i->dig) {
         if (val > (~(MP_OBJ_WORD_MSBIT_HIGH) >> (DIG_SIZE - 1))) {
             // will overflow
             return false;
         }
+        d--;
         val = (val << DIG_SIZE) | *d;
     }
 
@@ -1642,7 +1645,8 @@ mp_float_t mpz_as_float(const mpz_t *i) {
     mp_float_t val = 0;
     mpz_dig_t *d = i->dig + i->len;
 
-    while (d-- > i->dig) {
+    while (d > i->dig) {
+        d--;
         val = val * DIG_BASE + *d;
     }
 
diff --git a/tests/ports/unix/extra_coverage.py.exp b/tests/ports/unix/extra_coverage.py.exp
@@ -89,6 +89,10 @@ data
 12345
 6
 -1
+0
+1
+0
+0.000000
 # runtime utils
 TypeError: unsupported type for __abs__: 'str'
 TypeError: unsupported types for __divmod__: 'str', 'str'

Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,10 @@ data`
`89`	`89`	`12345`
`90`	`90`	`6`
`91`	`91`	`-1`
	`92`	`+0`
	`93`	`+1`
	`94`	`+0`
	`95`	`+0.000000`
`92`	`96`	`# runtime utils`
`93`	`97`	`TypeError: unsupported type for __abs__: 'str'`
`94`	`98`	`TypeError: unsupported types for __divmod__: 'str', 'str'`