Bug 498240 – Floating-point number parsing overflows and gets corrupted

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 498240 - Floating-point number parsing overflows and gets corrupted


Summary:	Floating-point number parsing overflows and gets corrupted


Status:	RESOLVED WONTFIX

Product:	libcroco
Classification:	Core
Component:	General
Version:	0.6.x
Hardware:	Other All

Importance:	Normal minor
Target Milestone:	---
Assigned To:	libcroco maintainers
QA Contact:	libcroco maintainers

URL:
Whiteboard:	gnome[unmaintained]

Duplicates:	482648 (view as bug list)
Depends on:
Blocks:

Reported:	2007-11-19 17:16 UTC by Nick Galbreath
Modified:	2020-08-11 15:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Nick Galbreath 2007-11-19 17:16:58 UTC

Please describe the problem:
Floating point numbers that have more than 10 digits past the "." (decimal point), get corrupted due to overflow.

If you run the sec-example-2 program on this CSS file

path {
stroke-width: 0.9;
stroke-width: 0.99;
stroke-width: 0.999;
stroke-width: 0.9999;
stroke-width: 0.99999;
stroke-wdith: 0.999999;
stroke-width: 0.9999999;
stroke-width: 0.99999999;
stroke-width: 0.999999999;
stroke-width: 0.9999999999;
stroke-width: 0.99999999999;
stroke-width: 0.999999999999;
}

you get

./sac-example-2 foo1.css
path {
?@ : 0.900
?@ : 0.990
?@ : 0.999
?@ : 1.000
?@ : 1.000
?@ : 1.000
?@ : 1.000
?@ : 1.000
?@ : 1.000
?@ : 0.141  <-----------OOOPS @ 10 digits
?@ : 0.012
?@ : -0.001

}
**Number of properties in this ruleset: 12

It's not a rounding problem.  If you change the numbers to 0.111111111111 a similar result occurs.

This can be triggered by using by programatically generating SVG files with python since the "str(double)" can produce 10+ digits.

>>> d=0.12345678912
>>> print str(d)
0.12345678912






Steps to reproduce:
-


Actual results:
-

Expected results:


Does this happen every time?
yes

Other information:
ok, so there are a few ways to fix.  The problem is in src/cr-tknzr.c

limit overflow:

Around line 1552, change
                      } else {
                                decimal_places++;
                                 dec_part = dec_part * 10 + (cur_char - '0');
                         }

to

      } else if (decimal_places < 10) {
                                decimal_places++;
                                 dec_part = dec_part * 10 + (cur_char - '0');
                         }

Not very elegant but does the job and it's better than the number being corrupted.

The other way is to change 'dec_part' from a guint32 to a gdouble, and to change (around line 1293)

cr_utils_n_to_0_dot_n (glong a_n, glong decimal_places)

  to

cr_utils_n_to_0_dot_n (gdouble a_n, glong decimal_places)


(also notice the original code is passing a guint32 to a glong, which contains a signed vs. unsigned problem).

I can provide a formal patch if you need.

Comment 1 Nick Galbreath 2007-11-19 17:18:28 UTC

whoops.

my "fix" is wrong... should be:

 } else if (decimal_places < 9) {  /* 9 digits max */

:-)

--nickg

Comment 2 Dominic Lachowicz 2007-11-19 17:57:44 UTC

*** Bug 482648 has been marked as a duplicate of this bug. ***

Comment 3 André Klapper 2020-08-11 15:46:23 UTC

libcroco is not under development anymore. Its codebase has been archived.

Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect
reality. Please feel free to reopen this ticket (or rather transfer the project
to GNOME Gitlab, as GNOME Bugzilla is being shut down) if anyone takes the
responsibility for active development again.