[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #65452] [indxbib] possibly incomplete bounds check after strtol(3)
From: |
G. Branden Robinson |
Subject: |
[bug #65452] [indxbib] possibly incomplete bounds check after strtol(3) |
Date: |
Wed, 13 Mar 2024 16:19:54 -0400 (EDT) |
Update of bug #65452 (group groff):
Status: In Progress => None
Assigned to: gbranden => None
_______________________________________________________
Follow-up Comment #2:
Whoops, forgot to erase all the `strtoll()` evidence...
commit d7b36a45fc3f49f7db82f5edd33c2a66696115e5 (HEAD -> master,
origin/master, origin/HEAD)
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date: Wed Mar 13 14:50:42 2024 -0500
[indxbib]: Mitigate Savannah #65452.
* src/utils/indxbib/indxbib.cpp: Validate `-h` option arguments more
carefully.
(main): Insist on an argument value of at least 2, since a hash table
of size 1 is pointless.
(check_integer_arg): Try to be more robust in the fact of C/C++'s
notorious lax integer sizing practices. We might consider gnulib's
"xstrtol" module. Check `errno` for `ERANGE` after calling
`strtoll()` and add range-oriented fatal diagnostic. Promote other
`-h` argument validation errors to `fatal()`. Only perform a
comparison against INT_MAX if LONG_MAX is larger than INT_MAX in the
first place. Report the supported range in range diagnostics. Use
C++- instead of C-style type cast of result.
Mitigates, but arguably does not fix,
<https://savannah.gnu.org/bugs/?65452>. Thanks to Alex Colomar for the
report.
I wanted to use `strtoll()`, but...
error: ISO C++ 1998 does not support ‘long long’ [-Wlong-long]
...and in any case that just kicks the can to other architectures where
int, long, and long long are all 64 bits wide.
gnulib, take me away...
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?65452>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/