[PATCH] man: strto[iu](): BUGS: Document precedence of ENOTSUP over ERANGE

Thorsten Glaser tg at mirbsd.de
Sat Jan 20 00:33:57 UTC 2024


Alejandro Colomar dixit:

> .Sh BUGS
>+If both
>+.Er ERANGE
>+and
>+.Er ENOTSUP
>+would happen,
>+this function reports
>+.Er ENOTSUP.
>+This makes it impossible to reliably check for out-of-range values.
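Review bot: The `.Er ENOTSUP.` line fuses the sentence's period onto the macro argument, so mdoc will format it as part of the error name; write it as `.Er ENOTSUP .` so the period is treated as closing punctuation. The last added sentence would also be easier to act on if it said which input condition produces ENOTSUP, since as written a reader cannot tell when the out-of-range check becomes unreliable.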

IMHO at the *very* most CAVEATS, not BUGS.

You say…

>strtol(3) and relatives have (ignoring EINVAL) 3
>stages, not 2.  Firstly we make sure we parsed a number, secondly we
>make sure the number is valid (in range), and thirdly we check if
>there's any trailing text.

… but that’s wrong from a security design PoV (even if the result
here isn’t a security problem).

In general, first, you check if you have a valid anything, and only
then (once you know that the type is correct) you check that it’s
within that type’s bounds, not the other way round. This is also
what strtonum(3) does and is IMHO correct.

bye,
//mirabilos
-- 
> Hi, does anyone sell openbsd stickers by themselves and not packaged
> with other products?
No, the only way I've seen them sold is for $40 with a free OpenBSD CD.
	-- Haroon Khalid and Steve Shockley in gmane.os.openbsd.misc
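
The precedence question discussed in this message, as an added example that is not part of the original e-mail or of libbsd: a wrapper over standard strtol(3) that reports "no digits", "out of range" and "trailing text" as independent bits, so neither condition masks the other. The name `parse_long`, the `NUM_*` bits and the sample inputs are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status bits for this example; not libbsd's API. */
enum {
    NUM_NODIGITS = 1 << 0, /* nothing that parses as a number */
    NUM_RANGE    = 1 << 1, /* outside [min, max], or overflowed long */
    NUM_TRAILING = 1 << 2  /* unparsed text follows the number */
};

/* Parse s as a base-10 long, clamp it into [min, max] (min <= max assumed),
 * and return every condition that applies instead of a single errno value. */
static int parse_long(const char *s, long min, long max, long *out)
{
    char *end;
    int status = 0;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s) {                       /* is it a number at all? */
        if (out) *out = 0;
        return NUM_NODIGITS;
    }
    if (errno == ERANGE || v < min || v > max) {   /* is it in range? */
        status |= NUM_RANGE;
        if (v < min) v = min;
        else if (v > max) v = max;
    }
    if (*end != '\0')                     /* is anything left over? */
        status |= NUM_TRAILING;
    if (out) *out = v;
    return status;
}

int main(void)
{
    /* Constructed sample inputs, checked against the range [0, 100]. */
    const char *in[] = { "42", "42abc", "1000", "1000abc", "abc" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        long v;
        int st = parse_long(in[i], 0, 100, &v);
        printf("%-8s value=%-4ld range=%d trailing=%d nodigits=%d\n", in[i], v,
               !!(st & NUM_RANGE), !!(st & NUM_TRAILING), !!(st & NUM_NODIGITS));
    }
    return 0;
}
```

With both bits available, the caller decides which condition to treat as primary rather than inheriting a fixed precedence from the parser.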

