diff options
author | Dan McArdle <dmcardle@google.com> | 2021-07-20 12:55:35 -0400 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2021-07-20 18:37:20 +0000 |
commit | 17be3872ab3243fff6014f66d196d77b79d18119 (patch) | |
tree | 3f09718ace7bc551fef129c80ddf71a5ffcc4fd3 /tool/args.cc | |
parent | 897a2ca3f184b34278641138c726ef902ab1fab2 (diff) | |
download | boringssl-17be3872ab3243fff6014f66d196d77b79d18119.zip boringssl-17be3872ab3243fff6014f66d196d77b79d18119.tar.gz boringssl-17be3872ab3243fff6014f66d196d77b79d18119.tar.bz2 |
Check strtoul return for overflow error in GetUnsigned()
Currently, GetUnsigned() calls strtoul and checks whether the resulting
unsigned long int is greater than UINT_MAX. This implicitly assumes that
UINT_MAX < ULONG_MAX.
Problematically, `unsigned long int` and `unsigned` have the same size
on Windows [0] and on 32-bit architectures.
For correctness, we now check whether strtoul failed because it would
overflow the unsigned long int before checking whether the value fits in
an unsigned type.
[0]: https://docs.microsoft.com/en-us/cpp/cpp/data-type-ranges?view=msvc-160
Change-Id: I49702febf4543bfb7991592717443e0b2adb954f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48545
Commit-Queue: Dan McArdle <dmcardle@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'tool/args.cc')
-rw-r--r-- | tool/args.cc | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/tool/args.cc b/tool/args.cc index 9ec18a3..4deb881 100644 --- a/tool/args.cc +++ b/tool/args.cc @@ -15,6 +15,7 @@ #include <string> #include <vector> +#include <errno.h> #include <limits.h> #include <stdio.h> #include <stdlib.h> @@ -92,13 +93,16 @@ bool GetUnsigned(unsigned *out, const std::string &arg_name, return false; } + errno = 0; char *endptr; unsigned long int num = strtoul(value.c_str(), &endptr, 10); - if (*endptr || - num > UINT_MAX) { + if (num == ULONG_MAX && errno == ERANGE) { return false; } + if (*endptr != 0 || num > UINT_MAX) { + return false; + } + *out = static_cast<unsigned>(num); - *out = num; return true; } |