[sword-devel] Module version numbers

Jaak Ristioja jaak at ristioja.ee
Tue Sep 25 06:02:31 EDT 2018 

> Very long version strings can only crash it if this runs out of memory.

Sorry, this was an incorrect statement. The POSIX Programmers Manual for
atoi(3p) states:

  If the value cannot be represented, the behavior is undefined.

Hence it can also crash / overwrite random memory or have other adverse
effects besides just returning an undefined value.


J

On 25.09.2018 12:56, Jaak Ristioja wrote:
>> Aside: Are there any limits to the number of dot separators in the
> Version value, or to the number of digits in total or in any part?
>> Would SWORD crash with a buffer overflow were it to encounter an
> inordinately long Version?
> 
> The relevant code to parse the version string is in the SWVersion
> constructor:
> 
> SWVersion::SWVersion(const char *version) {
>  char *buf = new char[ strlen(version) + 1 ];
>  char *tok;
>  major = minor = minor2 = minor3 = -1;
> 
>  strcpy(buf, version);
>  tok = strtok(buf, ".");
>  if (tok)
>   major = atoi(tok);
>  tok = strtok(0, ".");
>  if (tok)
>   minor = atoi(tok);
>  tok = strtok(0, ".");
>  if (tok)
>   minor2 = atoi(tok);
>  tok = strtok(0, ".");
>  if (tok)
>   minor3 = atoi(tok);
>  delete [] buf;
> }
> 
> Very long version strings can only crash it if this runs out of memory.
> Other than that, it will just return an incorrect version. There are no
> limits to the number of dot separators, but only up to 4 version
> components separated by dots are actually parsed. AFAIK, the behavior of
> atoi() is undefined for invalid input. On my system, the results are as
> follows:
> 
>   "9.1" -> 9.1
>   "99.1" -> 99.1
>   "999.1" -> 999.1
>   "9999.1" -> 9999.1
>   "99999.1" -> 99999.1
>   "999999.1" -> 999999.1
>   "9999999.1" -> 9999999.1
>   "99999999.1" -> 99999999.1
>   "999999999.1" -> 999999999.1
>   "9999999999.1" -> 1410065407.1
>   "99999999999.1" -> 1215752191.1
>   "999999999999.1" -> -727379969.1
>   "9999999999999.1" -> 1316134911.1
>   "99999999999999.1" -> 276447231.1
>   "999999999999999.1" -> -1530494977.1
>   "9999999999999999.1" -> 1874919423.1
>   "99999999999999999.1" -> 1569325055.1
>   "999999999999999999.1" -> -1486618625.1
>   "9999999999999999999.1" -> -1.1
>   "99999999999999999999.1" -> -1.1
> 
> 
> J
> 
> On 25.09.2018 12:03, David Haslam wrote:
>> Ignoring the spurious SwordVersion hit, it seems that the string after the dash is a date in six digit format.
>>
>> IMHO, these modules should simply be re-issued with the dates recorded in the respective History key.
>>
>> It's not worth the effort to make the API parse these as they are now.
>> The dash is a nonconformance to what should be in the Version key.
>>
>> Aside: Are there any limits to the number of dot separators in the Version value, or to the number of digits in total or in any part?
>> Would SWORD crash with a buffer overflow were it to encounter an inordinately long Version?
>>
>> Best regards,
>>
>> David
>>
>> Sent from ProtonMail Mobile
>>
>> On Tue, Sep 25, 2018 at 09:44, Jaak Ristioja <jaak at ristioja.ee> wrote:
>>
>>> Hello!
>>>
>>> Most modules include version numbers matching the regular expression
>>>
>>> ^[0-9]+(.[0-9]+)*$
>>>
>>> However, looking at the .conf files, there are version fields with
>>> values also containing dashes:
>>>
>>> ~/.sword/mods.d $ grep -E 'Version=.*-' *
>>> 2tgreek.conf:Version=2.7-120109
>>> invstrongsrealgreek.conf:Version=1.4-090107
>>> jesermons.conf:SwordVersion=2017-05-24
>>> strongsrealgreek.conf:Version=1.5-150704
>>> tischmorph.conf:Version=2.7-120109
>>>
>>> How should these be interpreted? Should 1.2-3.4 be interpreted as
>>> (1).(2-3).(4) or (1.2)-(3.4)? It seems that SWVersion interprets such as
>>> just 1.2.4 (without the -3 entirely).
>>>
>>> God bless!
>>> J
>>>
>>> _______________________________________________
>>> sword-devel mailing list: sword-devel at crosswire.org
>>> http://www.crosswire.org/mailman/listinfo/sword-devel
>>> Instructions to unsubscribe/change your settings at above page
>>>
>>>
>>> _______________________________________________
>>> sword-devel mailing list: sword-devel at crosswire.org
>>> http://www.crosswire.org/mailman/listinfo/sword-devel
>>> Instructions to unsubscribe/change your settings at above page
> 
> 
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>

More information about the sword-devel mailing list