[hdrhistogram]: Prevent an FPE in rd_hdr_histogram_new (#4949)

The Floating Point Exception (FPE) `FE_DIVBYZERO` is flagged in
`rd_hdr_histogram_new` when `log2()` is called with `0`. This is done in
`rd_avg_init` numerous times, some of which cannot be disabled in
recent versions.

Consumers of librdkakfa may enable the raising of exceptions when FPEs
occur, including `FE_DIVBYZERO`, which causes the function to fail.

It is reasonable for the callers of `rd_hdr_histogram_new` to pass `0`
for the `minValue` parameter, and the intention of the calculation of
`unitMagnitude` is also reasonable. As such, fixing the maths there is
the correct approach. `unitMagnitude` being `0` in this case is an apt
choice based on how log2(n) works for n near `0`, and that the
caluclation already minimises to `0`.

A simple test was included that resets the flags, runs the offending
function, and observes the new set flags. Appropriately, it fails
before the fix, and passes after.

Author: Neofish22

CHANGELOG.md

@@ -21,6 +21,7 @@ librdkafka v2.12.0 is a feature release:
   so it's possible it did overlap with the periodic `topic.metadata.refresh.interval.ms`
   and cause a re-bootstrap even if not needed.
   Happening since 2.11.0 (#5177).
+* Issues: #4949: Prevent an FPE in rd_hdr_histogram_new.
 
 ### Telemetry fixes
 

src/rdhdrhistogram.c

@@ -89,6 +89,7 @@ rd_hdr_histogram_t *rd_hdr_histogram_new(int64_t minValue,
         int64_t largestValueWithSingleUnitResolution;
         int32_t subBucketCountMagnitude;
         int32_t subBucketHalfCountMagnitude;
+        double potentialUnitMagnitude;
         int32_t unitMagnitude;
         int32_t subBucketCount;
         int32_t subBucketHalfCount;
@@ -109,7 +110,8 @@ rd_hdr_histogram_t *rd_hdr_histogram_new(int64_t minValue,
 
         subBucketHalfCountMagnitude = RD_MAX(subBucketCountMagnitude, 1) - 1;
 
-        unitMagnitude = (int32_t)RD_MAX(floor(log2((double)minValue)), 0);
+        potentialUnitMagnitude = minValue == 0 ? 0 : log2((double)minValue);
+        unitMagnitude = (int32_t)RD_MAX(floor(potentialUnitMagnitude), 0);
 
         subBucketCount =
             (int32_t)pow(2, (double)subBucketHalfCountMagnitude + 1.0);

tests/0154-rd_hdr_histogram_new-fpe.c

@@ -0,0 +1,44 @@
+/*
+ * librdkafka - Apache Kafka C library
+ *
+ * Copyright (c) 2025, Confluent Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "test.h"
+#include "rdhdrhistogram.h"
+#include <fenv.h>
+
+void do_test_rd_hdr_histogram_new_fpe() {
+        rd_hdr_histogram_t *hist;
+        feclearexcept(FE_ALL_EXCEPT);
+        hist = rd_hdr_histogram_new(0, 10000, 2);
+        TEST_ASSERT(fetestexcept(FE_DIVBYZERO) == 0, "Division by zero occurred");
+        rd_hdr_histogram_destroy(hist);
+}
+
+int main_0154_rd_hdr_histogram_new_fpe(int argc, char **argv) {
+        do_test_rd_hdr_histogram_new_fpe();
+        return 0;
+}

tests/CMakeLists.txt

@@ -143,6 +143,7 @@ set(
     0151-purge-brokers.c
     0152-rebootstrap.c
     0153-memberid.c
+    0154-rd_hdr_histogram_new-fpe.c
     8000-idle.cpp
     8001-fetch_from_follower_mock_manual.c
     test.c

tests/test.c

@@ -270,6 +270,7 @@ _TEST_DECL(0150_telemetry_mock);
 _TEST_DECL(0151_purge_brokers_mock);
 _TEST_DECL(0152_rebootstrap_local);
 _TEST_DECL(0153_memberid);
+_TEST_DECL(0154_rd_hdr_histogram_new_fpe);
 
 /* Manual tests */
 _TEST_DECL(8000_idle);
@@ -536,6 +537,7 @@ struct test tests[] = {
     _TEST(0151_purge_brokers_mock, TEST_F_LOCAL),
     _TEST(0152_rebootstrap_local, TEST_F_LOCAL),
     _TEST(0153_memberid, 0, TEST_BRKVER(0, 4, 0, 0)),
+    _TEST(0154_rd_hdr_histogram_new_fpe, TEST_F_LOCAL),
 
 
     /* Manual tests */

win32/tests/tests.vcxproj

@@ -233,6 +233,7 @@
     <ClCompile Include="..\..\tests\0151-purge-brokers.c" />
     <ClCompile Include="..\..\tests\0152-rebootstrap.c" />
     <ClCompile Include="..\..\tests\0153-memberid.c" />
+    <ClCompile Include="..\..\tests\0154-rd_hdr_histogram_new-fpe.c" />
     <ClCompile Include="..\..\tests\8000-idle.cpp" />
     <ClCompile Include="..\..\tests\8001-fetch_from_follower_mock_manual.c" />
     <ClCompile Include="..\..\tests\test.c" />