Possibly incomplete bounds check after strtol(3)
From: Alejandro Colomar
Subject: Possibly incomplete bounds check after strtol(3)
Date: Sun, 14 Jan 2024 20:19:18 +0100
Hi Branden,
I see some code calling strtol(3) that I suspect won't behave well on
some systems:
$ grepc -tfd check_integer_arg .
./src/utils/indxbib/indxbib.cpp:static void check_integer_arg(char opt, const char *arg, int min, int *res)
{
  char *ptr;
  long n = strtol(arg, &ptr, 10);
  if (n == 0 && ptr == arg)
    error("argument to -%1 not an integer", opt);
  else if (n < min)
    error("argument to -%1 must not be less than %2", opt, min);
  else {
    if (n > INT_MAX)
      error("argument to -%1 greater than maximum integer", opt);
    else if (*ptr != '\0')
      error("junk after integer argument to -%1", opt);
    *res = int(n);
  }
}
I think these tests miss some corner cases:
- If INT_MAX==LONG_MAX, then n>INT_MAX is impossible, but strtol(3)
will return LONG_MAX and errno ERANGE for values greater than that.
groff is silently accepting input >LONG_MAX in those systems, and
silently saturating it to LONG_MAX (INT_MAX).
- If min==INT_MIN==LONG_MIN, then a similar thing happens for underflow.
Cheers,
Alex
--
<https://www.alejandro-colomar.es/>
Looking for a remote C programming job at the moment.
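A worked comparison of the check quoted in the message with a variant that also consults errno, added here as an example; it is not groff's code and was not part of the original message. The names check_original, check_hardened and arg_status, and the sample inputs in main(), are constructed for this illustration. check_original mirrors the control flow of the quoted function (with return codes in place of error()), so its result on an overflowing input depends on whether long is wider than int, exactly as the message describes; check_hardened clears errno before the call and tests for ERANGE afterwards, which makes the result the same on every platform.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Outcome of parsing a numeric command-line argument. */
enum arg_status {
    ARG_OK,
    ARG_NOT_INTEGER,   /* no digits converted at all */
    ARG_TOO_SMALL,     /* below min, or underflowed long */
    ARG_TOO_BIG,       /* above INT_MAX, or overflowed long */
    ARG_JUNK           /* trailing non-digit characters */
};

/* Replica of the quoted check's control flow (hypothetical, for comparison).
   It never looks at errno, so where LONG_MAX == INT_MAX an overflowed
   strtol() result of LONG_MAX passes every test and is accepted as INT_MAX. */
enum arg_status check_original(const char *arg, int min, int *res)
{
    char *ptr;
    long n = strtol(arg, &ptr, 10);

    if (n == 0 && ptr == arg)
        return ARG_NOT_INTEGER;
    if (n < min)
        return ARG_TOO_SMALL;
    if (n > INT_MAX)
        return ARG_TOO_BIG;
    if (*ptr != '\0')
        return ARG_JUNK;
    *res = (int) n;
    return ARG_OK;
}

/* Hardened variant (hypothetical, not groff's code): detects saturation
   via errno, independently of the relative widths of int and long. */
enum arg_status check_hardened(const char *arg, int min, int *res)
{
    char *ptr;
    long n;

    errno = 0;                  /* strtol() sets errno on overflow but never clears it */
    n = strtol(arg, &ptr, 10);

    if (ptr == arg)             /* nothing was converted; n is 0 by definition */
        return ARG_NOT_INTEGER;
    if (errno == ERANGE)        /* value did not fit in a long: saturated to LONG_MAX/LONG_MIN */
        return n == LONG_MAX ? ARG_TOO_BIG : ARG_TOO_SMALL;
    if (*ptr != '\0')
        return ARG_JUNK;
    if (n > INT_MAX)            /* fits in long but not in int (only possible when long is wider) */
        return ARG_TOO_BIG;
    if (n < min)
        return ARG_TOO_SMALL;
    *res = (int) n;
    return ARG_OK;
}

static const char *status_name(enum arg_status s)
{
    static const char *names[] = {
        "ok", "not an integer", "too small", "too big", "junk after integer"
    };
    return names[s];
}

int main(void)
{
    /* Constructed sample arguments; the long ones overflow a long on any platform. */
    const char *samples[] = {
        "42", "abc", "", "12x", "-5",
        "99999999999999999999999", "-99999999999999999999999"
    };
    int i, r;

    printf("sizeof(long)=%zu sizeof(int)=%zu\n", sizeof(long), sizeof(int));
    for (i = 0; i < (int) (sizeof samples / sizeof samples[0]); i++) {
        r = 0;
        printf("%-26s original: %-18s hardened: %s\n", samples[i],
               status_name(check_original(samples[i], INT_MIN, &r)),
               status_name(check_hardened(samples[i], INT_MIN, &r)));
    }
    return 0;
}
```

Running the program on an LP64 system shows both checks rejecting the 23-digit inputs, because long is wider than int there; on a platform where long and int are both 32 bits, the original path reports "ok" for them while the hardened path still reports "too big" or "too small".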