RISC OS Open: Forum: OS_PrettyPrint can kill you

Sep 17, 2019 11:24am

nemo (145) 2554 posts

Sometimes even I am staggered by the bugs in RISC OS. This one is extraordinarily dangerous, and terribly ancient.

Warning: Testing this outside of a TaskWindow WILL stiff your machine, requiring a reset. So save your buffers folks.

PrettyPrint is a simple text formatter that is used by many parts of the OS to output text, especially if the results are to be tabulated or word-wrapped. It also provides Alphabet-agnostic hard space support, which is nice. Be aware that the string you supply must be null terminated, NOT a CR as that’s just a NewLine to PrettyPrint.

I repeat, only test this in a TaskWindow. [Ironically, the first two things it does is read the available text window width and the cursor X position – both of which will be dead wrong in a TaskWindow, but that’s a subject for a different discussion.]

The bug concerns tabs (chr 9) which cause its internal cursor position to be advanced to a multiple of eight. In order to tabulate to the next column it has to count the length of the next word, to see if it will fit on the line. If not, it does a NewLine instead of a tab. The bug is that it does not expect the length of the next word to be zero.

It will be zero if there are two tabs in succession, but it spots that specifically by the character code. What it does not notice is when the next code is 0, the string terminator. It proceeds as though there is a word there. It calculates how many spaces are needed to advance, adds that word length, and checks that it fits. If it does, it starts printing spaces and decrementing its count. Unfortunately it uses a BNE instead of a BGT test, which means in one edge case the count is zero before the decrement… and PrettyPrint proceeds to print four and a quarter billion spaces.

This will trigger it:

SYS"OS_PrettyPrint","Bother!"+CHR$9+CHR$0

Six letters or eight letters, fine. Seven letters, bang.

How ancient? The version in Arthur was fine. This bug dates back to the RISC OS 2.00 rewrite to introduce dictionary tokens.

Sep 17, 2019 11:33am

nemo (145) 2554 posts

I found this because I was concerned by a few commands that build a list of words returned from an extensible interface in a fixed sized buffer, separated by tabs, and then PrettyPrint the buffer, and couldn’t cope with a buffer overrun. Why not just print a buffer at a time, or even one word at a time, with a tab on the end?

There should not be any material difference between:

SYS"OS_PrettyPrint","Tom"+CHR$9+"Dick"+CHR$9+"Harry"+CHR$0

and

SYS"OS_PrettyPrint","Tom"+CHR$9+CHR$0
SYS"OS_PrettyPrint","Dick"+CHR$9+CHR$0
SYS"OS_PrettyPrint","Harry"+CHR$0

but as described above, one eighth of the time there’s four billion differences.

Sep 17, 2019 12:02pm

Clive Semmens (2335) 3276 posts

But is trying to print four billion spaces actually fatal?

Sep 17, 2019 12:12pm

Rick Murray (539) 13850 posts

I’m genuinely surprised that nobody has run into that in some 30 years.

Or…

…maybe they did, and they’re still waiting for the machine to finish outputting spaces?

Sep 17, 2019 5:48pm

Clive Semmens (2335) 3276 posts

Or…

…maybe they did, and didn’t survive?

Sep 17, 2019 6:07pm

Rick Murray (539) 13850 posts

Ah, the naff end of the year when the days are getting ever shorter…

…maybe they did, and didn’t survive?

Gave me a giggle at work, imaging that there’s some really hot program for RISC OS 2 that was just waiting to be finished and released, and then the four billion bug bit and that poor bloke’s A310, with its zippy 8MHz processor has been busy printing out spaces to the screen. The world has moved on but this poor guy has been there, hair going grey, waiting, and on the cusp of being able to release his creation to the world.

Oh my god.

Maybe that’s what happened to Tempest?

Sep 17, 2019 7:19pm

Steve Pampling (1551) 8172 posts

Ah, the naff end of the year when the days are getting ever shorter…

+/- a small faction the length of the day is constant, the daylight period for any spot on the surface of the earth does vary though (by an amount proportional to the polar proximity of the aforementioned point.)

Just thought I’d let you know. :)

Sep 17, 2019 7:29pm

Rick Murray (539) 13850 posts

+/- a small faction the length of the day is constant,

Depends upon your interpretation of the word “day”.
As there was no prefix, I’m using the definition where “day” is the bright bit and “night” is the dark bit.

The day you’re thinking of is the solar day.
There’s also the sideareal day, which is one solar day longer in the course of a year.
And, elsewhere, sols (because there’s 39½ minutes extra).

See? “Day” is complicated.

Sep 17, 2019 9:27pm

Steve Pampling (1551) 8172 posts

I’m using the definition where “day” is the bright bit and “night” is the dark bit.

daytime or daylight hours vs. night-time or dark hours

See? “Day” is complicated.

Old story, where the punchline is basically that the native speaker of English rarely understands it.

Proof? Ask someone for proof and they supply observed ‘facts’ without a method of testing (which you just asked for)

Sep 17, 2019 9:53pm

Rick Murray (539) 13850 posts

that the native speaker of English rarely understands

:-)

https://dictionary.cambridge.org/dictionary/english/day

Yours is the first definition, mine is the second. Both are valid.

We probably have “solar day” and “daytime” because the word “day” can mean different things, not just to different people but in different contexts to the same person. For example “day” being the light part of the 24 hour cycle, then “I’ll see you the day after tomorrow” and finally “I work a seven hour day with forty five minutes for break”.
Such are a vagaries of English.

Sep 17, 2019 9:55pm

Rick Murray (539) 13850 posts

Only three billion and nine hundred ninety-nine million, nine hundred and ninety-nine thousand, and nine hundred and ninety-two posts to go to catch up with PrettyPrint’s fail. :-)

Sep 17, 2019 11:07pm

Steve Pampling (1551) 8172 posts

For example “day” being the light part of the 24 hour cycle, then “I’ll see you the day after tomorrow” and finally “I work a seven hour day with forty five minutes for break”.
Such are a vagaries of English.

Made vague by the users abbreviating to something they say as an existing word daytime/daylight abbreviated to the same as a 24hour duration.

posts to go to catch up with PrettyPrint’s fail. :-)

Is part of your mind working on the possibility Nemo counted¹ them all? :)

¹ Our new Unix bod actually counted the column positions of the end of line in some printer output pushed to a plaintext file.
I asked why didn’t use Notepad++ to read it, shift to the line end and look at the info bar to see what column he was on. Head —> desk, repeat…

OS_PrettyPrint can kill you

Reply

Search forums

Social

ROOL Store

Donate! Why?

RISC OS IPR

Description

Voices

Options

Sep 17, 2019 11:24am nemo (145) 2554 posts	Sometimes even I am staggered by the bugs in RISC OS. This one is extraordinarily dangerous, and terribly ancient. Warning: Testing this outside of a TaskWindow WILL stiff your machine, requiring a reset. So save your buffers folks. PrettyPrint is a simple text formatter that is used by many parts of the OS to output text, especially if the results are to be tabulated or word-wrapped. It also provides Alphabet-agnostic hard space support, which is nice. Be aware that the string you supply must be null terminated, NOT a CR as that’s just a NewLine to PrettyPrint. I repeat, only test this in a TaskWindow. [Ironically, the first two things it does is read the available text window width and the cursor X position – both of which will be dead wrong in a TaskWindow, but that’s a subject for a different discussion.] The bug concerns tabs (chr 9) which cause its internal cursor position to be advanced to a multiple of eight. In order to tabulate to the next column it has to count the length of the next word, to see if it will fit on the line. If not, it does a NewLine instead of a tab. The bug is that it does not expect the length of the next word to be zero. It will be zero if there are two tabs in succession, but it spots that specifically by the character code. What it does not notice is when the next code is 0, the string terminator. It proceeds as though there is a word there. It calculates how many spaces are needed to advance, adds that word length, and checks that it fits. If it does, it starts printing spaces and decrementing its count. Unfortunately it uses a BNE instead of a BGT test, which means in one edge case the count is zero before the decrement… and PrettyPrint proceeds to print four and a quarter billion spaces. This will trigger it: SYS"OS_PrettyPrint","Bother!"+CHR$9+CHR$0 Six letters or eight letters, fine. Seven letters, bang. How ancient? The version in Arthur was fine. This bug dates back to the RISC OS 2.00 rewrite to introduce dictionary tokens.

Sep 17, 2019 11:33am nemo (145) 2554 posts	I found this because I was concerned by a few commands that build a list of words returned from an extensible interface in a fixed sized buffer, separated by tabs, and then PrettyPrint the buffer, and couldn’t cope with a buffer overrun. Why not just print a buffer at a time, or even one word at a time, with a tab on the end? There should not be any material difference between: SYS"OS_PrettyPrint","Tom"+CHR$9+"Dick"+CHR$9+"Harry"+CHR$0 and SYS"OS_PrettyPrint","Tom"+CHR$9+CHR$0 SYS"OS_PrettyPrint","Dick"+CHR$9+CHR$0 SYS"OS_PrettyPrint","Harry"+CHR$0 but as described above, one eighth of the time there’s four billion differences.

Sep 17, 2019 12:02pm Clive Semmens (2335) 3276 posts	But is trying to print four billion spaces actually fatal?

Sep 17, 2019 12:12pm Rick Murray (539) 13850 posts	I’m genuinely surprised that nobody has run into that in some 30 years. Or… …maybe they did, and they’re still waiting for the machine to finish outputting spaces?

Sep 17, 2019 5:48pm Clive Semmens (2335) 3276 posts	Or… …maybe they did, and didn’t survive?

Sep 17, 2019 6:07pm Rick Murray (539) 13850 posts	Ah, the naff end of the year when the days are getting ever shorter… …maybe they did, and didn’t survive? Gave me a giggle at work, imaging that there’s some really hot program for RISC OS 2 that was just waiting to be finished and released, and then the four billion bug bit and that poor bloke’s A310, with its zippy 8MHz processor has been busy printing out spaces to the screen. The world has moved on but this poor guy has been there, hair going grey, waiting, and on the cusp of being able to release his creation to the world. Oh my god. Maybe that’s what happened to Tempest?

Sep 17, 2019 7:19pm Steve Pampling (1551) 8172 posts	Ah, the naff end of the year when the days are getting ever shorter… +/- a small faction the length of the day is constant, the daylight period for any spot on the surface of the earth does vary though (by an amount proportional to the polar proximity of the aforementioned point.) Just thought I’d let you know. :)

Sep 17, 2019 7:29pm Rick Murray (539) 13850 posts	+/- a small faction the length of the day is constant, Depends upon your interpretation of the word “day”. As there was no prefix, I’m using the definition where “day” is the bright bit and “night” is the dark bit. The day you’re thinking of is the solar day. There’s also the sideareal day, which is one solar day longer in the course of a year. And, elsewhere, sols (because there’s 39½ minutes extra). See? “Day” is complicated.

Sep 17, 2019 9:27pm Steve Pampling (1551) 8172 posts	I’m using the definition where “day” is the bright bit and “night” is the dark bit. daytime or daylight hours vs. night-time or dark hours See? “Day” is complicated. Old story, where the punchline is basically that the native speaker of English rarely understands it. Proof? Ask someone for proof and they supply observed ‘facts’ without a method of testing (which you just asked for)

Sep 17, 2019 9:53pm Rick Murray (539) 13850 posts	that the native speaker of English rarely understands :-) https://dictionary.cambridge.org/dictionary/english/day Yours is the first definition, mine is the second. Both are valid. We probably have “solar day” and “daytime” because the word “day” can mean different things, not just to different people but in different contexts to the same person. For example “day” being the light part of the 24 hour cycle, then “I’ll see you the day after tomorrow” and finally “I work a seven hour day with forty five minutes for break”. Such are a vagaries of English.

Sep 17, 2019 9:55pm Rick Murray (539) 13850 posts	Only three billion and nine hundred ninety-nine million, nine hundred and ninety-nine thousand, and nine hundred and ninety-two posts to go to catch up with PrettyPrint’s fail. :-)

Sep 17, 2019 11:07pm Steve Pampling (1551) 8172 posts	For example “day” being the light part of the 24 hour cycle, then “I’ll see you the day after tomorrow” and finally “I work a seven hour day with forty five minutes for break”. Such are a vagaries of English. Made vague by the users abbreviating to something they say as an existing word daytime/daylight abbreviated to the same as a 24hour duration. posts to go to catch up with PrettyPrint’s fail. :-) Is part of your mind working on the possibility Nemo counted¹ them all? :) ¹ Our new Unix bod actually counted the column positions of the end of line in some printer output pushed to a plaintext file. I asked why didn’t use Notepad++ to read it, shift to the line end and look at the info bar to see what column he was on. Head —> desk, repeat…