From nobody@FreeBSD.org  Thu Apr  6 02:06:54 2000
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 342E537BB68
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  6 Apr 2000 02:06:54 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id CAA43220;
	Thu, 6 Apr 2000 02:06:54 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Message-Id: <200004060906.CAA43220@freefall.freebsd.org>
Date: Thu, 6 Apr 2000 02:06:54 -0700 (PDT)
From: jdg@debian.org
Sender: nobody@FreeBSD.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] /usr/bin/column has arithmetic overflows
X-Send-Pr-Version: www-1.0

>Number:         17824
>Category:       bin
>Synopsis:       [PATCH] /usr/bin/column has arithmetic overflows
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    sheldonh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr  6 02:10:01 PDT 2000
>Closed-Date:    Tue Nov 27 10:26:52 PST 2001
>Last-Modified:  Tue Nov 27 10:30:50 PST 2001
>Originator:     Julian Gilbey
>Release:        I'm not (but it's still a bug in latest CVS)
>Organization:
>Environment:
N/A
>Description:
I discovered that column gave divide-by-zero errors in certain
situations (specifically, if the number of display columns is c and
the widest item of data has width w, then letting w8 = 8*((w+8)/8)
(rounding down to the nearest int), the error will occur if w<c<w8).
The patch in the "Fix" section below corrects this bug.  (It's not
obvious because usually c=80, so we cannot have w<c<w8.)

>How-To-Repeat:
polya:~ $ cat > /tmp/72
123456789012345678901234567890123456789012345678901234567890123456789012
polya:~ $ column -c 79 </tmp/72
Floating point exception
polya:~ $ 

>Fix:
[This patch won't work directly because of tab->space conversion.]

--- column.c.orig       Thu Mar 25 02:47:47 1999
+++ column.c    Wed Apr  5 23:42:31 2000
@@ -145,6 +145,10 @@

        maxlength = (maxlength + TAB) & ~(TAB - 1);
        numcols = termwidth / maxlength;
+       if (!numcols) {
+               print();
+               exit(eval);
+       }
        endcol = maxlength;
        for (chcnt = col = 0, lp = list;; ++lp) {
                chcnt += printf("%s", *lp);
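Review bot: the `if (!numcols)` branch added after `numcols = termwidth / maxlength;` ends the process with `exit(eval)` from inside the layout routine, which gives the program a second exit path that the caller never sees; call `print()` and `return` instead (or clamp with `numcols = 1` if the loop below copes with a single column) so the program still leaves through its normal exit. A one-line comment saying that numcols is 0 whenever termwidth is smaller than the rounded-up maxlength would make the guard self-explanatory, since that is not obvious from the two lines above it.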
@@ -173,6 +177,10 @@

        maxlength = (maxlength + TAB) & ~(TAB - 1);
        numcols = termwidth / maxlength;
+       if (!numcols) {
+               print();
+               exit(eval);
+       }
        numrows = entries / numcols;
        if (entries % numcols)
                ++numrows;
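Review bot: the guard placed before `numrows = entries / numcols;` tests only for zero, so a negative termwidth (if one can arrive from `-c`) can give a negative numcols that passes `!numcols` and yields a negative numrows; test `numcols <= 0` here, or reject a non-positive termwidth where it is parsed. The four added lines are also identical to those in the previous hunk, so a small shared helper would keep the two layout paths from drifting apart.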


>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: jdg@debian.org
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17824: [PATCH] /usr/bin/column has arithmetic overflows 
Date: Thu, 06 Apr 2000 14:25:53 +0200

 On Thu, 06 Apr 2000 02:06:54 MST, jdg@debian.org wrote:
 
 >         maxlength = (maxlength + TAB) & ~(TAB - 1);
 >         numcols = termwidth / maxlength;
 > +       if (!numcols) {
 
 I don't get it.  You still don't seem to be protecting against
 divide-by-zero.  Shouldn't you be testing the value of the dividend
 before dividing?
 
 Ciao,
 Sheldon.
 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: jdg@debian.org
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17824: [PATCH] /usr/bin/column has arithmetic overflows 
Date: Thu, 06 Apr 2000 14:37:05 +0200

 On Thu, 06 Apr 2000 14:25:53 +0200, Sheldon Hearn wrote:
 
 > I don't get it.  You still don't seem to be protecting against
 > divide-by-zero.  Shouldn't you be testing the value of the dividend
 > before dividing?
 
 Agh, I meant the divisor, of course.
 
 Ciao,
 Sheldon.
 

From: Julian Gilbey <J.D.Gilbey@qmw.ac.uk>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17824: [PATCH] /usr/bin/column has arithmetic overflows
Date: Thu, 6 Apr 2000 17:26:51 +0100

 On Thu, Apr 06, 2000 at 02:25:53PM +0200, Sheldon Hearn wrote:
 > On Thu, 06 Apr 2000 02:06:54 MST, jdg@debian.org wrote:
 > 
 > >         maxlength = (maxlength + TAB) & ~(TAB - 1);
 > >         numcols = termwidth / maxlength;
 > > +       if (!numcols) {
 > 
 > I don't get it.  You still don't seem to be protecting against
 > divide-by-zero.  Shouldn't you be testing the value of the dividend
 > before dividing?
 
 maxlength >= 0.  So, assuming that TAB is 8 (which it presumably is),
 the first line of the code rounds maxlength up to the next multiple of
 8, so maxlength >= 8 after this step.
 
 However, it is possible that numcols is zero if termwidth is less than
 the new maxlength, in which case we get a divide by zero in the next
 line (numrows = numlines / numcols or something like that).  That's
 why I test for numcols being zero and not maxlength.
 
    Julian
 
 -- 
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
   Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
         Debian GNU/Linux Developer,  see http://www.debian.org/~jdg
   Donate free food to the world's hungry: see http://www.thehungersite.com/
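
Added example (not part of the original report, of the thread, or of column.c): the rounding and division discussed above, with the divisor guarded before it is used. The names padded_width, layout and zero_column_widths are hypothetical, TAB is assumed to be 8 as in the message above, and clamping to one column is this example's choice rather than what the submitted patch does.

```c
#include <limits.h>
#include <stdio.h>

#define TAB 8	/* assumed, as in the thread ("assuming that TAB is 8") */

/* Round the widest entry up to the next tab stop; -1 if that would overflow. */
static int padded_width(int maxlength)
{
	if (maxlength < 0 || maxlength > INT_MAX - TAB)
		return -1;
	return (maxlength + TAB) & ~(TAB - 1);
}

/* Hypothetical helper: grid for `entries` items, 0 on success, -1 on bad input. */
static int layout(int termwidth, int maxlength, int entries,
    int *numcols, int *numrows)
{
	int width = padded_width(maxlength);	/* >= TAB when valid */

	if (width < 0 || termwidth <= 0 || entries <= 0)
		return -1;
	*numcols = termwidth / width;	/* 0 whenever termwidth < width */
	if (*numcols == 0)
		*numcols = 1;	/* example's choice: one column, long lines overflow */
	*numrows = entries / *numcols + (entries % *numcols != 0);
	return 0;
}

/* Count the termwidth values in 1..limit for which the unguarded divisor is 0. */
static int zero_column_widths(int maxlength, int limit)
{
	int c, n = 0, width = padded_width(maxlength);

	for (c = 1; width > 0 && c <= limit; c++)
		if (c / width == 0)
			n++;
	return n;
}

int main(void)
{
	int cols, rows;

	/* Constructed input matching the report: one 72-character line, -c 79. */
	if (layout(79, 72, 1, &cols, &rows) == 0)
		printf("cols=%d rows=%d\n", cols, rows);
	printf("zero-column widths for w=72: %d\n", zero_column_widths(72, 200));
	return 0;
}
```
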
 
Responsible-Changed-From-To: freebsd-bugs->sheldonh 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Thu Apr 6 13:48:26 PDT 2000 
Responsible-Changed-Why:  
I'll take this one. 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Julian Gilbey <J.D.Gilbey@qmw.ac.uk>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17824: [PATCH] /usr/bin/column has arithmetic overflows 
Date: Thu, 06 Apr 2000 22:47:56 +0200

 On Thu, 06 Apr 2000 17:26:51 +0100, Julian Gilbey wrote:
 
 > However, it is possible that numcols is zero if termwidth is less than
 > the new maxlength, in which case we get a divide by zero in the next
 > line (numrows = numlines / numcols or something like that).
 
 Gotcha!  Thanks.
 
 Ciao,
 Sheldon.
 
State-Changed-From-To: open->feedback 
State-Changed-By: sheldonh 
State-Changed-When: Tue Aug 8 05:52:45 PDT 2000 
State-Changed-Why:  
Are you happy with the OpenBSD fix for this? 

http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.bin/column/column.c.diff?r1=1.4&r2=1.5&cvsroot=openbsd 

http://www.freebsd.org/cgi/query-pr.cgi?pr=17824 

From: Julian Gilbey <jdg@debian.org>
To: sheldonh@freebsd.org
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17824: [PATCH] /usr/bin/column has arithmetic overflows
Date: Mon, 4 Dec 2000 10:10:18 +0000

 On Tue, Aug 08, 2000 at 05:53:32AM -0700, sheldonh@freebsd.org wrote:
 > Synopsis: [PATCH] /usr/bin/column has arithmetic overflows
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: sheldonh
 > State-Changed-When: Tue Aug 8 05:52:45 PDT 2000
 > State-Changed-Why: 
 > Are you happy with the OpenBSD fix for this?
 > 
 > 	http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.bin/column/column.c.diff?r1=1.4&r2=1.5&cvsroot=openbsd
 
 No, you need to patch c_columnate as well in the same way, although I
 prefer your patch to mine because of the tab->space business you
 noticed.
 
    Julian
 
 -- 
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
   Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
         Debian GNU/Linux Developer,  see http://www.debian.org/~jdg
   Donate free food to the world's hungry: see http://www.thehungersite.com/
 
State-Changed-From-To: feedback->closed 
State-Changed-By: sheldonh 
State-Changed-When: Tue Nov 27 10:26:52 PST 2001 
State-Changed-Why:  
Closed as per audit trail for bin/26283 . 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=17824 
>Unformatted:
