Re: [xml] [PATCH] Prevent overflow on duration comparison 32-bit.



On Thu, Oct 13, 2011 at 02:27:33PM +0100, Nick Pope wrote:
See https://bugzilla.gnome.org/show_bug.cgi?id=653724
---
 xmlschemastypes.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/xmlschemastypes.c b/xmlschemastypes.c
index 1a5454c..80725b4 100644
--- a/xmlschemastypes.c
+++ b/xmlschemastypes.c
@@ -3553,7 +3553,8 @@ xmlSchemaCompareDecimals(xmlSchemaValPtr x, xmlSchemaValPtr y)
 static int
 xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
 {
-    long carry, mon, day;
+    long long carry;
+    long mon, day;
     double sec;
     int invert = 1;
     long xmon, xday, myear, minday, maxday;
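Review bot: `long long carry;` in the declarations brings a non-C89 type into this function, and the widening is not needed for the value `carry` holds. `carry` is `sec / SECS_PER_DAY`, a day count far smaller than `sec`; what can exceed a 32-bit `long` is the conversion of `sec` itself in the next hunk. Suggest keeping `long carry, mon, day;` and fixing the order of the cast and the division instead, which also avoids mixing a `long long` into the `long` day arithmetic that uses `carry`.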
@@ -3569,7 +3570,7 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
 
     /* seconds */
     sec = x->value.dur.sec - y->value.dur.sec;
-    carry = (long)sec / SECS_PER_DAY;
+    carry = (long long)sec / SECS_PER_DAY;
     sec -= (double)(carry * SECS_PER_DAY);
 
     /* days */
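Review bot: in `carry = (long long)sec / SECS_PER_DAY;` the cast binds tighter than `/`, so the whole of `sec` is still converted to an integer before the division; the limit is moved to the range of `long long` rather than removed, and a `double` beyond that range is still an undefined conversion. The unchanged line `sec -= (double)(carry * SECS_PER_DAY);` now relies on `carry` being `long long` for the product to fit, with nothing in the code saying so. Suggest dividing in `double` first and converting the quotient, for example `(long)(sec / SECS_PER_DAY)`, and doing the multiplication back in `double`.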

  Hum, I would love to take that patch, but I don't use long long in
libxml2 for portability. I reproduced the issue on a 32-bit machine.
After looking a bit at the issue, it's not needed: the problem is that
the cast to double should be moved to the carry value when computing the
final sec value. I ended up with a simpler patch which seems to work
exactly in the same way as yours, but without using the long long type :-)

------------------------------------------------
diff --git a/xmlschemastypes.c b/xmlschemastypes.c
index 1a5454c..834b261 100644
--- a/xmlschemastypes.c
+++ b/xmlschemastypes.c
@@ -3569,8 +3569,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
 
     /* seconds */
     sec = x->value.dur.sec - y->value.dur.sec;
-    carry = (long)sec / SECS_PER_DAY;
-    sec -= (double)(carry * SECS_PER_DAY);
+    carry = (long)(sec / SECS_PER_DAY);
+    sec -= ((double)carry) * SECS_PER_DAY;
 
     /* days */
     day = x->value.dur.day - y->value.dur.day + carry;
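Review bot: `carry = (long)(sec / SECS_PER_DAY);` converts a `double` to `long` with no range check, so a quotient outside the range of `long` is still an undefined conversion, and the context line `day = x->value.dur.day - y->value.dur.day + carry;` adds three `long` values that can overflow in the same way. Suggest either a bound check before the cast or a comment stating the largest duration the comparison supports, plus a regression case for the bugzilla report so the 32-bit behaviour stays covered.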

------------------------------------------------

  Since that fixed the issue too on 32 bits I'm pushing this patch
instead, please confirm it still works for you :)

   thanks !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
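The reordering described in the message above, as an added example that is not part of the original post or of libxml2: it models a 32-bit `long` with `int32_t` so the effect is visible on any machine. The names `long32`, `old_cast_out_of_range` and `split_seconds`, the value 86400 for `SECS_PER_DAY`, and the sample duration are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_DAY 86400      /* assumed value; the page only shows the name */

typedef int32_t long32;         /* hypothetical stand-in for a 32-bit long */

/* Old order, (long)sec / SECS_PER_DAY: the whole of sec is converted first.
 * Returns 1 when that conversion would be out of range (undefined in C). */
static int old_cast_out_of_range(double sec)
{
    return sec >= 2147483648.0 || sec <= -2147483649.0;
}

/* New order: divide as double, convert the much smaller quotient, then
 * multiply back as double. Returns 0 on success, -1 if even the quotient
 * does not fit in the 32-bit type. */
static int split_seconds(double sec, long32 *carry, double *rest)
{
    double q = sec / SECS_PER_DAY;

    if (!(q > -2147483649.0 && q < 2147483648.0))   /* also rejects NaN */
        return -1;
    *carry = (long32)q;
    *rest = sec - ((double)*carry) * SECS_PER_DAY;
    return 0;
}

int main(void)
{
    double sec = 3000000000.0;  /* constructed sample, larger than INT32_MAX */
    long32 carry;
    double rest;

    printf("old cast out of range: %d\n", old_cast_out_of_range(sec));
    if (split_seconds(sec, &carry, &rest) == 0)
        printf("carry=%ld days, rest=%.0f s\n", (long)carry, rest);
    return 0;
}
```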


