Bug#247848: tetex-bin: xdvi: large numerical prefixes lead to integer overflow
Package: tetex-bin
Version: 2.0.2-10
Severity: minor
If you press enough digits in the xdvi window, the "int" variable
holding the sequence of digits interpreted as a number overflows
(rolls over into negatives). I don't see that this is a very
important bug to fix, but it is an easy bug to fix, for someone who
knows the right C library magic thing like INT_MAX or whatever.
There is a header in kpathsea called c-minmax.h that may be the right
thing to use.
In any case, I don't have the full fix, but I have a fix in
pseudocode, if someone else figures out how to define the portable C
MAXINT magical constant.
(Hi Stefan -- yes, this problem is still there in xdvi 22.82.1-cvs1.
The code from the Debian version quoted below is only slightly
different: no "static" number and no #if TOOLKIT. I submit the bug to
Debian because I hope a Debian person can supply the part I don't know
how to write and submit a real patch upstream.)
for reference from texk/xdvik/events.c:
static int number = 0;
[..........]
static
ACTION(Act_digit)
{
unsigned int digit;
UNUSED(w);
UNUSED(event);
#if TOOLKIT
if (*num_params != 1 || (digit = **params - '0') > 9) {
XBell(DISP, 10);
return;
}
#else
digit = keychar - '0';
#endif
have_arg = True;
number = number * 10 + digit;
print_statusline(STATUS_SHORT, "numerical prefix: %s%d\n", sign < 0 ? "-" : "", number);
}
To fix:
Suppose that the constant MAXINT is the maximum integer that the
variable 'number' can hold, determined in some magic way that I don't
know.
Then define constants (or if necessary, variables of the same size as
'number' or larger):
MAXINT_QUOT := (MAXINT / 10)
MAXINT_MOD := (MAXINT % 10)
(To be pedantic, note critical assumption that MAXINT>=10 :) )
Then within the Act_digit() function, in place of the simple assignment to 'number':
if ( (number < MAXINT_QUOT) || \
((number == MAXINT_QUOT) && (digit <= MAXINT_MOD)) ) {
number = number * 10 + digit;
}
else {
number = MAXINT; /* maybe not wise because not what the user requested */
WARNING_NUMBER_HAS_GOTTEN_TOO_LARGE();
}
I have not checked the above code carefully for off-by-one errors at
boundary conditions! I think it's OK if MAXINT is the largest
positive _value_ that an "int" can hold, i.e., OK to say
"int x=MAXINT;", i.e., total number of distinct values for an "int"
variable (like "number" here) is 2*MAXINT+1 (positives, negatives, and
0).
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.5-beth.4
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages tetex-bin depends on:
ii debconf 1.4.22 Debian configuration management sy
ii debianutils 2.8.1 Miscellaneous utilities specific t
ii dpkg 1.10.20 Package maintenance system for Deb
ii ed 0.2-20 The classic unix line editor
ii libc6 2.3.2.ds1-12 GNU C Library: Shared libraries an
ii libgcc1 1:3.3.3-6 GCC support library
ii libice6 4.3.0-7 Inter-Client Exchange library
ii libkpathsea3 2.0.2-10 path search library for teTeX (run
ii libpaper1 1.1.14 Library for handling paper charact
ii libpng12-0 1.2.5.0-6 PNG library - runtime
ii libsm6 4.3.0-7 X Window System Session Management
ii libstdc++5 1:3.3.3-6 The GNU Standard C++ Library v3
ii libt1-5 5.0.2-0pre1 Type 1 font rasterizer library - r
ii libwww0 5.4.0-9 The W3C WWW library
ii libx11-6 4.3.0-7 X Window System protocol client li
ii libxaw7 4.3.0-7 X Athena widget set library
ii libxext6 4.3.0-7 X Window System miscellaneous exte
ii libxmu6 4.3.0-7 X Window System miscellaneous util
ii libxt6 4.3.0-7 X Toolkit Intrinsics
ii mime-support 3.26-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.3-3 Larry Wall's Practical Extraction
ii sed 4.0.9-2 The GNU sed stream editor
ii tetex-base 2.0.2-6 Basic library files of teTeX
ii xlibs 4.3.0-7 X Window System client libraries m
ii zlib1g 1:1.2.1-5 compression library - runtime
-- debconf information:
* tetex-bin/hyphen:
tetex-bin/oldcfg: true
* tetex-bin/upd_map: true
tetex-bin/cnf_name:
* tetex-bin/fmtutil: true
* tetex-bin/use_debconf: true
* tetex-bin/groupname: users
* tetex-bin/userperm: false
* tetex-bin/groupperm: true
* tetex-bin/lsr-perms: true
* tetex-bin/texmf: true
Reply to: