[PATCH weston] config-parser: Catch negative numbers assigned to unsigned config values
Eric Engestrom
eric.engestrom at imgtec.com
Tue Jul 12 12:17:20 UTC 2016
On Mon, Jul 11, 2016 at 05:55:15PM -0700, Bryce Harrington wrote:
> strtoul() has a side effect that when given a string representing a
> negative number, it returns a negated version as the value, and does not
> flag an error. IOW, strtoul("-42", &val) sets val to 42. This could
> potentially result in unintended surprise behaviors, such as if one were
> to inadvertantly set a config param to -1 expecting that to disable it,
> but with the result of setting the param to 1 instead.
>
> Catch this by using strtol() and then manually check for the negative
> value. This logic is modelled after Wayland's strtouint().
>
> Note that this change unfortunately reduces the range of parseable
> numbers from [0,UINT_MAX] to [0,INT_MAX]. The current users of
> weston_config_section_get_uint() are anticipating numbers far smaller
> than either of these limits, so the change is believed to have no impact
> in practice.
>
> Also add a test case for negative numbers that catches this error
> condition.
>
> Signed-off-by: Bryce Harrington <bryce at osg.samsung.com>
Looks good to me.
Reviewed-by: Eric Engestrom <eric.engestrom at imgtec.com>
More information about the wayland-devel
mailing list