Reject negative numbers in strtoul(3) #875
!! This may break some users (already broken users, that is). We'll need at least a release note.
Queued after #863 (done)
v2 changes:
v3 changes:
v3b changes:
v4 changes:
v4b changes:
LGTM! Since Serge already started reviewing this PR I think it should be him who merges it when it's ready.
These functions reject negative numbers, instead of silently converting them into unsigned, which strtou[l]l(3) do.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

strtou[l]l(3) silently converts negative numbers into positive. This behavior is wrong: a negative value should be parsed as a negative value, which would underflow unsigned (long) long, and so would return the smallest possible value, 0, and set errno to ERANGE to report an error.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
v4c changes:
And I'll remind of this before merging.
Thanks, looks good
Is there any case here worth warning about? Certainly not in parsing id mappings.
I'm not sure. :\ Maybe I would just say in the release notes that we're now more strict in what (numeric) input is valid. That would put on alert those who have broken files.
No description provided.
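The behaviour described in the commit messages above, as an added example that is not code from this PR or from the project: plain strtoul(3) accepts "-1" and returns ULONG_MAX with errno untouched, while a strict wrapper returns 0 and sets errno to ERANGE. The helper name `strtoul_reject_neg`, the two `*_errno` wrappers and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (name is an assumption, not the project's code):
 * parse like strtoul(3), but treat a negative input as an underflow. */
unsigned long strtoul_reject_neg(const char *s, char **endp, int base)
{
    int saved = errno;

    /* Parse as signed first: only a genuinely negative value yields < 0. */
    if (strtol(s, endp, base) < 0) {
        errno = ERANGE;   /* underflow of an unsigned type */
        return 0;         /* smallest representable value */
    }
    /* Drop any ERANGE that strtol set for values above LONG_MAX. */
    errno = saved;
    return strtoul(s, endp, base);
}

/* Returns the errno left by the plain libc call; the value goes to *out. */
int plain_errno(const char *s, unsigned long *out)
{
    errno = 0;
    *out = strtoul(s, NULL, 10);
    return errno;
}

/* Same, for the strict helper. */
int strict_errno(const char *s, unsigned long *out)
{
    errno = 0;
    *out = strtoul_reject_neg(s, NULL, 10);
    return errno;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *in[] = { "1000", "-1", "-0", " -42" };
    for (size_t i = 0; i < sizeof in / sizeof *in; i++) {
        unsigned long p, q;
        int ep = plain_errno(in[i], &p), eq = strict_errno(in[i], &q);
        printf("%-6s plain=%lu errno=%d | strict=%lu errno=%d\n", in[i], p, ep, q, eq);
    }
    return 0;
}
```
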