[sword-devel] Module version numbers

Jaak Ristioja jaak at ristioja.ee
Tue Sep 25 05:56:14 EDT 2018 

> Aside: Are there any limits to the number of dot separators in the
Version value, or to the number of digits in total or in any part?
> Would SWORD crash with a buffer overflow were it to encounter an
inordinately long Version?

The relevant code to parse the version string is in the SWVersion
constructor:

SWVersion::SWVersion(const char *version) {
 char *buf = new char[ strlen(version) + 1 ];
 char *tok;
 major = minor = minor2 = minor3 = -1;

 strcpy(buf, version);
 tok = strtok(buf, ".");
 if (tok)
  major = atoi(tok);
 tok = strtok(0, ".");
 if (tok)
  minor = atoi(tok);
 tok = strtok(0, ".");
 if (tok)
  minor2 = atoi(tok);
 tok = strtok(0, ".");
 if (tok)
  minor3 = atoi(tok);
 delete [] buf;
}

Very long version strings can only crash it if this runs out of memory.
Other than that, it will just return an incorrect version. There are no
limits to the number of dot separators, but only up to 4 version
components separated by dots are actually parsed. AFAIK, the behavior of
atoi() is undefined for invalid input. On my system, the results are as
follows:

  "9.1" -> 9.1
  "99.1" -> 99.1
  "999.1" -> 999.1
  "9999.1" -> 9999.1
  "99999.1" -> 99999.1
  "999999.1" -> 999999.1
  "9999999.1" -> 9999999.1
  "99999999.1" -> 99999999.1
  "999999999.1" -> 999999999.1
  "9999999999.1" -> 1410065407.1
  "99999999999.1" -> 1215752191.1
  "999999999999.1" -> -727379969.1
  "9999999999999.1" -> 1316134911.1
  "99999999999999.1" -> 276447231.1
  "999999999999999.1" -> -1530494977.1
  "9999999999999999.1" -> 1874919423.1
  "99999999999999999.1" -> 1569325055.1
  "999999999999999999.1" -> -1486618625.1
  "9999999999999999999.1" -> -1.1
  "99999999999999999999.1" -> -1.1


J

On 25.09.2018 12:03, David Haslam wrote:
> Ignoring the spurious SwordVersion hit, it seems that the string after the dash is a date in six digit format.
> 
> IMHO, these modules should simply be re-issued with the dates recorded in the respective History key.
> 
> It's not worth the effort to make the API parse these as they are now.
> The dash is a nonconformance to what should be in the Version key.
> 
> Aside: Are there any limits to the number of dot separators in the Version value, or to the number of digits in total or in any part?
> Would SWORD crash with a buffer overflow were it to encounter an inordinately long Version?
> 
> Best regards,
> 
> David
> 
> Sent from ProtonMail Mobile
> 
> On Tue, Sep 25, 2018 at 09:44, Jaak Ristioja <jaak at ristioja.ee> wrote:
> 
>> Hello!
>>
>> Most modules include version numbers matching the regular expression
>>
>> ^[0-9]+(.[0-9]+)*$
>>
>> However, looking at the .conf files, there are version fields with
>> values also containing dashes:
>>
>> ~/.sword/mods.d $ grep -E 'Version=.*-' *
>> 2tgreek.conf:Version=2.7-120109
>> invstrongsrealgreek.conf:Version=1.4-090107
>> jesermons.conf:SwordVersion=2017-05-24
>> strongsrealgreek.conf:Version=1.5-150704
>> tischmorph.conf:Version=2.7-120109
>>
>> How should these be interpreted? Should 1.2-3.4 be interpreted as
>> (1).(2-3).(4) or (1.2)-(3.4)? It seems that SWVersion interprets such as
>> just 1.2.4 (without the -3 entirely).
>>
>> God bless!
>> J
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>>
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page

More information about the sword-devel mailing list