[PATCH weston] config-parser: Catch negative numbers assigned to unsigned config values
Bryce Harrington
bryce at osg.samsung.com
Tue Jul 12 22:49:39 UTC 2016
On Tue, Jul 12, 2016 at 10:58:05AM -0700, Bill Spitzak wrote:
> I tested this and at least for libc on linux it returns 0x100000000-n, ie
> "-1" is 0xFFFFFFFF.
>
> This is actually pretty useful when the unsigned value is bitflags or you
> want to guarantee you typed in the largest number possible. I am not sure
> you really want to disable it, especially if it prevents entry for 1/2 the
> possible numbers.
Sure, but nothing using this routine requires either of those
capabilities.
Bryce
> On Tue, Jul 12, 2016 at 5:17 AM, Eric Engestrom <eric.engestrom at imgtec.com>
> wrote:
>
> > On Mon, Jul 11, 2016 at 05:55:15PM -0700, Bryce Harrington wrote:
> > > strtoul() has a side effect that when given a string representing a
> > > negative number, it returns a negated version as the value, and does not
> > > flag an error. IOW, strtoul("-42", &val) sets val to 42. This could
> > > potentially result in unintended surprise behaviors, such as if one were
> > > to inadvertantly set a config param to -1 expecting that to disable it,
> > > but with the result of setting the param to 1 instead.
> > >
> > > Catch this by using strtol() and then manually check for the negative
> > > value. This logic is modelled after Wayland's strtouint().
> > >
> > > Note that this change unfortunately reduces the range of parseable
> > > numbers from [0,UINT_MAX] to [0,INT_MAX]. The current users of
> > > weston_config_section_get_uint() are anticipating numbers far smaller
> > > than either of these limits, so the change is believed to have no impact
> > > in practice.
> > >
> > > Also add a test case for negative numbers that catches this error
> > > condition.
> > >
> > > Signed-off-by: Bryce Harrington <bryce at osg.samsung.com>
> >
> > Looks good to me.
> > Reviewed-by: Eric Engestrom <eric.engestrom at imgtec.com>
> > _______________________________________________
> > wayland-devel mailing list
> > wayland-devel at lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/wayland-devel
> >
More information about the wayland-devel
mailing list