Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Dec 2012 14:35:21 -0500
From: Rich Felker <>
Subject: Re: [PATCH] Fix strverscmp

On Wed, Dec 05, 2012 at 11:09:59AM -0800, Isaac Dunham wrote:
> On the Puppy Linux forums, technosaurus mentioned that musl's
> strverscmp implementation was broken; he has a small version of
> strverscmp that works properly, which he placed under a CC0-like
> license.
> This patch changes strverscmp to use his version. Results are
> comparable to glibc.

I'm not opposed to adding this, but the code has some bugs, most
notably integer overflow. On filenames consisting of long digit
strings, it will invoke undefined behavior. If the results are
unpredictable, it might even cause qsort to invoke very bad undefined

It would also, for example, cause these two names to compare equal:

- foobar-1.1.2
- foobar-1.01.3

just because the first component that differs textually compares equal

It also shares the same issues (which we should arguably duplicate
anyway) with the original strverscmp, that names consisting of hex
values get sorted in a ridiculous and harmful way.

If we're to implement this function, some thought about getting it
correct is needed..


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.