Re: [Qemu-devel] [PATCH 1/2] hmp: expr_unary(): check for overflow in strtoul()/strtoull()

[Luiz Capitulino]

On Fri, 27 Apr 2012 09:22:46 -0600
Eric Blake <address@hidden> wrote:

> On 04/27/2012 07:26 AM, Luiz Capitulino wrote:
> >>>>> The test n == ULLONG_MAX is redundant.
> >>>>
> >>>> But harmless.
> >>>
> >>> Yes, and I prefer to comply to the standard (as there's no strong
> >>> reason not to do so).
> >>
> >> What standard?
> > 
> > http://pubs.opengroup.org/onlinepubs/009695399/functions/strtoul.html
> 
> Which says that ERANGE is only possible if the return is ULLONG_MAX, but
> since it also says that errno is unchanged on success, and that errno
> must be ERANGE on overflow, it is sufficient to check errno==ERANGE
> without having to also check the return value as a way to detect
> overflow.  The only possible difference it might make to check the
> return value first is that you can filter out an errno check for all
> other return values, and on platforms where 'errno' evaluates to a macro
> that invokes a function in order to access a thread-local, then avoiding
> an errno comparison on the common case of no overflow is a potentially
> worthwhile micro-optimization.
> 
> Again, all this conversation just goes to strengthen my claim that the
> strtol() UI is evil, and that the only decent way to do
> string-to-integer processing is to wrap it in a nicer interface, so that
> it becomes easier to audit just the wrapper instead of all callers for
> compliance with all the subtle details.

I plan to introduce the wrapper in the near future.