[src/trunk]: src/lib/libc/stdlib Add more bugs. Namely, besides the return va...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/lib/libc/stdlib Add more bugs. Namely, besides the return va...
From: jruoho <jruoho%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 18:56:09 +0000

details:   https://anonhg.NetBSD.org/src/rev/fca0fd90f471
branches:  trunk
changeset: 754461:fca0fd90f471
user:      jruoho <jruoho%NetBSD.org@localhost>
date:      Sat May 01 08:12:30 2010 +0000

description:
Add more bugs. Namely, besides the return values that are confusing, no
function in a modern standard C library, exposed by <stdlib.h>, should be as
easy to (buffer) overflow as strsuftollx(3).

In addition, improvements to wording and markup.

diffstat:

 lib/libc/stdlib/strsuftoll.3 |  55 ++++++++++++++++++++++++++++++++++++--------
 1 files changed, 45 insertions(+), 10 deletions(-)

diffs (101 lines):

diff -r 1c8ad4875e1f -r fca0fd90f471 lib/libc/stdlib/strsuftoll.3
--- a/lib/libc/stdlib/strsuftoll.3      Sat May 01 06:18:03 2010 +0000
+++ b/lib/libc/stdlib/strsuftoll.3      Sat May 01 08:12:30 2010 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: strsuftoll.3,v 1.7 2008/04/30 13:10:51 martin Exp $
+.\"    $NetBSD: strsuftoll.3,v 1.8 2010/05/01 08:12:30 jruoho Exp $
 .\"
 .\" Copyright (c) 2002,2007 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 12, 2007
+.Dd May 1, 2010
 .Dt STRSUFTOLL 3
 .Os
 .Sh NAME
@@ -49,7 +49,8 @@
 .Fn strsuftollx
 convert
 .Fa val
-into a long long number,
+into a number of type
+.Vt long long ,
 checking that the result is not smaller than
 .Fa min
 or larger than
@@ -57,19 +58,21 @@
 Two or more decimal numbers may be separated by an
 .Dq x
 to indicate a product.
+.Pp
 Each decimal number may have one of the following optional suffixes:
+.Pp
 .Bl -tag -width 3n -offset indent -compact
-.It b
+.It Em b
 Block; multiply by 512
-.It k
+.It Em k
 Kibi; multiply by 1024 (1 KiB)
-.It m
+.It Em m
 Mebi; multiply by 1048576 (1 MiB)
-.It g
+.It Em g
 Gibi; multiply by 1073741824 (1 GiB)
-.It t
+.It Em t
 Tebi; multiply by 1099511627776 (1 TiB)
-.It w
+.It Em w
 Word; multiply by the number of bytes in an integer
 .El
 .Pp
@@ -83,6 +86,17 @@
 and
 .Fn strsuftoll
 displays that error and terminates the process.
+The parameter
+.Fa desc
+is used to construct
+.Fa errbuf .
+.Pp
+Neither
+.Fa desc
+nor
+.Fa val
+may be
+.Dv NULL .
 .Sh RETURN VALUES
 The functions
 .Fn strsuftoll
@@ -107,4 +121,25 @@
 .Xr errx 3 ,
 .Xr strtoll 3
 .Sh BUGS
-Ignores the current locale.
+At least few limitations should be mentioned:
+.Bl -bullet
+.It
+Both functions ignore the current locale.
+.It
+Neither
+.Fn strsuftoll
+nor
+.Fn strsuftollx
+fail gracefully in case of invalid,
+.Dv NULL ,
+pointers.
+.It
+The return values are inconsistent.
+.It
+The
+.Fn strsuftollx
+function is prone to buffer overflows if used incorrectly.
+Arguably only
+.Fn strsuftoll
+should be exposed to a caller.
+.El

Prev by Date: [src/trunk]: src/sys/kern IPL_VM is the highest interrupt priority where alld...
Next by Date: [src/trunk]: src/lib/libc/stdlib Improvements to wording and markup.
Previous by Thread: [src/trunk]: src/sys/kern IPL_VM is the highest interrupt priority where alld...
Next by Thread: [src/trunk]: src/lib/libc/stdlib Improvements to wording and markup.
Indexes:

Home | Main Index | Thread Index | Old Index