PR# 14568 Retrieve of corrupted file created by independent_store gets floating point exception

Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/07/08
Class: Bug
Severity: Serious
Number: 14568
Release: 6.2.73753
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.9) Gecko/20071111 Firefox/2.0.0.9 Solaris 10 on SPARC
Synopsis: Retrieve of corrupted file created by independent_store gets floating point exception

Description
Based on code inspection (and confirmed with the attached example), retrieving
a file created by `independent_store' that happens to be corrupted in a 
particular way can cause a floating point exception, due to a divide by zero.

The cause appears to be two lines in retrieve.c (in `ridr_multi_ptr' and
`old_ridr_multi_int') that are

   cap = idrf_buffer_size / s;

Local `s' is of type char and its value is read from the file, so if the file
is corrupted and the length `s' represents is replaced by `%U' we get a
divide by zero.

Although you may not be able to prevent all such crashes, this one seems to
be quite preventable by calling `eraise' with EN_RETR.
To Reproduce
Compile with attached classes on 32-bit system.  Execute system.
Execution terminates with a floating point exception.
Class should probably be adjusted to calculate the offset into which the '%U'
character is stored, rather than using a constant that won't work on some
platforms (particularly 64-bit platforms) or if store format changes.
Problem Report Interactions
From:prestoat2000    Date:2008/12/24    Download    
I modified the original test to take an argument, which is the position in
the file containing the independent stored object at which to put a null
(%U character).  Depending on what argument I pass (this is Solaris SPARC
32-bit) on 6.4.76313, I get different failure results.  It seems that from
a programmers point of view, I should always get "retrieve exception".  
Otherwise I have to catch all exceptions when retrieving.  Certainly, the
"floating point exception" (last case below) seems to be a bug.

With argument of 0:

Retrieve exception 
(Program caught retrieve exception, rescued it and printed this.  Seems like
 a correct result).

With argument of 4:

-------------------------------------------------------------------------------
RAW_FILE            c_retrieved
<00000000016CAC20>  (From FILE)            I/O error.                    Fail
-------------------------------------------------------------------------------

With argument of 10:

---------------------------------------
....
Output truncated, Click download to get the full message

From:prestoat2000    Date:2008/07/08    Download    
Attachments for problem report #14568

Attachment: test2.e     Size:800
Attachment: test2.ecf     Size:890