[PATCH weston] config-parser: Catch negative numbers assigned to unsigned config values

Eric Engestrom eric.engestrom at imgtec.com
Tue Jul 12 12:17:20 UTC 2016

On Mon, Jul 11, 2016 at 05:55:15PM -0700, Bryce Harrington wrote:
> strtoul() has a side effect that when given a string representing a
> negative number, it returns a negated version as the value, and does not
> flag an error.  IOW, strtoul("-42", &val) sets val to 42.  This could
> potentially result in unintended surprise behaviors, such as if one were
> to inadvertantly set a config param to -1 expecting that to disable it,
> but with the result of setting the param to 1 instead.
> Catch this by using strtol() and then manually check for the negative
> value.  This logic is modelled after Wayland's strtouint().
> Note that this change unfortunately reduces the range of parseable
> numbers from [0,UINT_MAX] to [0,INT_MAX].  The current users of
> weston_config_section_get_uint() are anticipating numbers far smaller
> than either of these limits, so the change is believed to have no impact
> in practice.
> Also add a test case for negative numbers that catches this error
> condition.
> Signed-off-by: Bryce Harrington <bryce at osg.samsung.com>

Looks good to me.
Reviewed-by: Eric Engestrom <eric.engestrom at imgtec.com>

More information about the wayland-devel mailing list