[groff] 11/11: [indxbib]: Mitigate Savannah #65452.
From: G. Branden Robinson
Subject: [groff] 11/11: [indxbib]: Mitigate Savannah #65452.
Date: Wed, 13 Mar 2024 16:16:26 -0400 (EDT)
gbranden pushed a commit to branch master
in repository groff.
commit d7b36a45fc3f49f7db82f5edd33c2a66696115e5
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Wed Mar 13 14:50:42 2024 -0500
[indxbib]: Mitigate Savannah #65452.
* src/utils/indxbib/indxbib.cpp: Validate `-h` option arguments more
carefully.
(main): Insist on an argument value of at least 2, since a hash table
of size 1 is pointless.
(check_integer_arg): Try to be more robust in the face of C/C++'s
notorious lax integer sizing practices. We might consider gnulib's
"xstrtol" module. Check `errno` for `ERANGE` after calling
`strtoll()` and add range-oriented fatal diagnostic. Promote other
`-h` argument validation errors to `fatal()`. Only perform a
comparison against INT_MAX if LONG_MAX is larger than INT_MAX in the
first place. Report the supported range in range diagnostics. Use
C++- instead of C-style type cast of result.
Mitigates, but arguably does not fix,
<https://savannah.gnu.org/bugs/?65452>. Thanks to Alex Colomar for the
report.
I wanted to use `strtoll()`, but...
error: ISO C++ 1998 does not support ‘long long’ [-Wlong-long]
...and in any case that just kicks the can to other architectures where
int, long, and long long are all 64 bits wide.
gnulib, take me away...
---
ChangeLog | 20 ++++++++++++++++++++
src/utils/indxbib/indxbib.cpp | 20 ++++++++++++--------
2 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5502e8213..9bfaa9e6f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2024-03-13 G. Branden Robinson <g.branden.robinson@gmail.com>
+
+ * src/utils/indxbib/indxbib.cpp: Validate `-h` option arguments
+ more carefully.
+ (main): Insist on an argument value of at least 2, since a hash
+ table of size 1 is pointless.
+ (check_integer_arg): Try to be more robust in the fact of
+ C/C++'s notorious lax integer sizing practices. We might
+ consider gnulib's "xstrtol" module. Check `errno` for `ERANGE`
+ after calling `strtoll()` and add range-oriented fatal
+ diagnostic. Promote other `-h` argument validation errors to
+ `fatal()`. Only perform a comparison against INT_MAX if
+ LONG_MAX is larger than INT_MAX in the first place. Report the
+ supported range in range diagnostics. Use C++- instead of
+ C-style type cast of result.
+
+ Mitigates, but arguably does not fix,
+ https://savannah.gnu.org/bugs/?65452>. Thanks to Alex Colomar
+ for the report.
+
2024-03-12 G. Branden Robinson <g.branden.robinson@gmail.com>
[mdoc]: Improve diagnostic message format (4/4).
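Review bot: The `(check_integer_arg)` item in the added entry says `errno` is checked "after calling `strtoll()`", but the commit message explains that `strtoll()` could not be used and the indxbib.cpp hunk still calls `strtol`, so the entry should name `strtol()`. In the same entry, "in the fact of" should read "in the face of", and the bug URL carries a closing `>` without its opening `<`.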
diff --git a/src/utils/indxbib/indxbib.cpp b/src/utils/indxbib/indxbib.cpp
index 59c266780..dab501718 100644
--- a/src/utils/indxbib/indxbib.cpp
+++ b/src/utils/indxbib/indxbib.cpp
@@ -147,7 +147,7 @@ int main(int argc, char **argv)
case 'h':
{
int requested_hash_table_size;
- check_integer_arg('h', optarg, 1, &requested_hash_table_size);
+ check_integer_arg('h', optarg, 2, &requested_hash_table_size);
hash_table_size = requested_hash_table_size;
if ((hash_table_size > 2) && (hash_table_size % 2) == 0)
hash_table_size++;
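Review bot: The new lower bound in `check_integer_arg('h', optarg, 2, &requested_hash_table_size);` is justified only in the ChangeLog; a one-line comment at the call site (a hash table of size 1 is pointless) would keep the rationale next to the literal. The diffstat lists only ChangeLog and indxbib.cpp, so if the user documentation describes the values `-h` accepts, it needs the same update.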
@@ -343,16 +343,20 @@ static void check_integer_arg(char opt, const char *arg,
int min, int *res)
{
char *ptr;
long n = strtol(arg, &ptr, 10);
- if (n == 0 && ptr == arg)
- error("argument to -%1 not an integer", opt);
+ if (ERANGE == errno)
+ fatal("argument to -%1 must be between %2 and %3", arg, min,
+ INT_MAX);
+ else if (n == 0 && ptr == arg)
+ fatal("argument to -%1 not an integer", opt);
else if (n < min)
- error("argument to -%1 must not be less than %2", opt, min);
+ fatal("argument to -%1 must not be less than %2", opt, min);
else {
- if (n > INT_MAX)
- error("argument to -%1 greater than maximum integer", opt);
+ if ((LONG_MAX > INT_MAX) && (n > INT_MAX))
+ fatal("argument to -%1 must be between %2 and %3", arg, min,
+ INT_MAX);
else if (*ptr != '\0')
- error("junk after integer argument to -%1", opt);
- *res = int(n);
+ fatal("junk after integer argument to -%1", opt);
+ *res = static_cast<int>(n);
}
}
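Review bot: `errno` is compared with `ERANGE` directly after `long n = strtol(arg, &ptr, 10);`, but nothing in the visible lines clears it first, so a stale `ERANGE` left by an earlier library call would make a valid argument fatal; set `errno = 0;` immediately before the `strtol` call. Both new range diagnostics also pass `arg` as the first format argument (`fatal("argument to -%1 must be between %2 and %3", arg, min, INT_MAX)`), whereas every other message in the function passes `opt` for `-%1`, so the message would show the argument text in place of the option letter; pass `opt` there.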