Bug#1091337: [tina] May generate duplicate Item-ID on some architectures

[Peter Pentchev]

Source: tina
Version: 0.1.7
Severity: normal
Tags: upstream patch
X-Debbugs-Cc: r...@debian.org

The tina source includes, in the item.c file, a conversion of
a time_t value to a string, treating the integer value as
a C 'long int'. However, in some cases, e.g. 32-bit architectures with
a 64-bit time_t value, this assumption is wrong, and due to
some specificities of the C language's integer promotion,
this may lead to generating the same Item-ID value for
two or more newly-created database items.

The attached patch is merely a quick band-aid; a more elaborate fix and
a set of tests will be included in the next tina upstream release.

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.5-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information


Description: Fix handling 64-bit time_t on big-endian 32-bit architectures
 Due to some specificities of the C language's handling of
 integer values of different sizes, integer promotion, and
 the in-memory layout of integer values, if time_t is 64-bit and
 long int is 32-bit, new items generated in quick succession may get
 the same Item-ID.
 .
 This is a quick band-aid; a more elaborate fix (and tests) will
 be made upstream.
Forwarded: yes
Author: Peter Pentchev <r...@ringlet.net>
Last-Update: 2024-12-23

--- a/item.c
+++ b/item.c
@@ -7,6 +7,7 @@
 
 #define _GNU_SOURCE
 
+#include <inttypes.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -23,7 +24,7 @@
   char buf[256];
   size_t len;
 
-  snprintf (buf, sizeof (buf), "<%lx.%x@", time (NULL), rand ());
+  snprintf (buf, sizeof (buf), "<%jx.%x@", (intmax_t)time (NULL), rand ());
   len = strlen (buf);
   gethostname (buf + len, sizeof (buf) - len - 1);
   strcat (buf, ">");

signature.asc
Description: PGP signature