[sword-devel] Module version numbers

Peter Von Kaehne refdoc at gmx.net
Tue Sep 25 06:54:50 EDT 2018 

I think there are two aspects then - version numbers should be correct in current modules. I think the bulk of the modules you listed are Xiphos, not CrossWire, but at least one is issued by CrossWire, maybe more. I will fix CrossWire's set.

The other is - wrong version numbers should not crash the engine or produce unreliable/undefined results. Or at least the engine should go down with a decent error message. In essence all places where wrong module conf file entries can cause grief in the engine, I guess some level of sanity checking should happen - Particularly if we want to encourage other publishers to take up offering repositories.

Peter



> Gesendet: Dienstag, 25. September 2018 um 10:56 Uhr
> Von: "Jaak Ristioja" <jaak at ristioja.ee>
> An: sword-devel at crosswire.org
> Betreff: Re: [sword-devel] Module version numbers
>
> > Aside: Are there any limits to the number of dot separators in the
> Version value, or to the number of digits in total or in any part?
> > Would SWORD crash with a buffer overflow were it to encounter an
> inordinately long Version?
> 
> The relevant code to parse the version string is in the SWVersion
> constructor:
> 
> SWVersion::SWVersion(const char *version) {
>  char *buf = new char[ strlen(version) + 1 ];
>  char *tok;
>  major = minor = minor2 = minor3 = -1;
> 
>  strcpy(buf, version);
>  tok = strtok(buf, ".");
>  if (tok)
>   major = atoi(tok);
>  tok = strtok(0, ".");
>  if (tok)
>   minor = atoi(tok);
>  tok = strtok(0, ".");
>  if (tok)
>   minor2 = atoi(tok);
>  tok = strtok(0, ".");
>  if (tok)
>   minor3 = atoi(tok);
>  delete [] buf;
> }
> 
> Very long version strings can only crash it if this runs out of memory.
> Other than that, it will just return an incorrect version. There are no
> limits to the number of dot separators, but only up to 4 version
> components separated by dots are actually parsed. AFAIK, the behavior of
> atoi() is undefined for invalid input. On my system, the results are as
> follows:
> 
>   "9.1" -> 9.1
>   "99.1" -> 99.1
>   "999.1" -> 999.1
>   "9999.1" -> 9999.1
>   "99999.1" -> 99999.1
>   "999999.1" -> 999999.1
>   "9999999.1" -> 9999999.1
>   "99999999.1" -> 99999999.1
>   "999999999.1" -> 999999999.1
>   "9999999999.1" -> 1410065407.1
>   "99999999999.1" -> 1215752191.1
>   "999999999999.1" -> -727379969.1
>   "9999999999999.1" -> 1316134911.1
>   "99999999999999.1" -> 276447231.1
>   "999999999999999.1" -> -1530494977.1
>   "9999999999999999.1" -> 1874919423.1
>   "99999999999999999.1" -> 1569325055.1
>   "999999999999999999.1" -> -1486618625.1
>   "9999999999999999999.1" -> -1.1
>   "99999999999999999999.1" -> -1.1
> 
> 
> J
> 
> On 25.09.2018 12:03, David Haslam wrote:
> > Ignoring the spurious SwordVersion hit, it seems that the string after the dash is a date in six digit format.
> > 
> > IMHO, these modules should simply be re-issued with the dates recorded in the respective History key.
> > 
> > It's not worth the effort to make the API parse these as they are now.
> > The dash is a nonconformance to what should be in the Version key.
> > 
> > Aside: Are there any limits to the number of dot separators in the Version value, or to the number of digits in total or in any part?
> > Would SWORD crash with a buffer overflow were it to encounter an inordinately long Version?
> > 
> > Best regards,
> > 
> > David
> > 
> > Sent from ProtonMail Mobile
> > 
> > On Tue, Sep 25, 2018 at 09:44, Jaak Ristioja <jaak at ristioja.ee> wrote:
> > 
> >> Hello!
> >>
> >> Most modules include version numbers matching the regular expression
> >>
> >> ^[0-9]+(.[0-9]+)*$
> >>
> >> However, looking at the .conf files, there are version fields with
> >> values also containing dashes:
> >>
> >> ~/.sword/mods.d $ grep -E 'Version=.*-' *
> >> 2tgreek.conf:Version=2.7-120109
> >> invstrongsrealgreek.conf:Version=1.4-090107
> >> jesermons.conf:SwordVersion=2017-05-24
> >> strongsrealgreek.conf:Version=1.5-150704
> >> tischmorph.conf:Version=2.7-120109
> >>
> >> How should these be interpreted? Should 1.2-3.4 be interpreted as
> >> (1).(2-3).(4) or (1.2)-(3.4)? It seems that SWVersion interprets such as
> >> just 1.2.4 (without the -3 entirely).
> >>
> >> God bless!
> >> J
> >>
> >> _______________________________________________
> >> sword-devel mailing list: sword-devel at crosswire.org
> >> http://www.crosswire.org/mailman/listinfo/sword-devel
> >> Instructions to unsubscribe/change your settings at above page
> >>
> >>
> >> _______________________________________________
> >> sword-devel mailing list: sword-devel at crosswire.org
> >> http://www.crosswire.org/mailman/listinfo/sword-devel
> >> Instructions to unsubscribe/change your settings at above page
> 
> 
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>

More information about the sword-devel mailing list