groff-commit

[groff] 11/11: [indxbib]: Mitigate Savannah #65452.


From: G. Branden Robinson
Subject: [groff] 11/11: [indxbib]: Mitigate Savannah #65452.
Date: Wed, 13 Mar 2024 16:16:26 -0400 (EDT)

gbranden pushed a commit to branch master
in repository groff.

commit d7b36a45fc3f49f7db82f5edd33c2a66696115e5
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Wed Mar 13 14:50:42 2024 -0500

    [indxbib]: Mitigate Savannah #65452.
    
    * src/utils/indxbib/indxbib.cpp: Validate `-h` option arguments more
      carefully.
    
      (main): Insist on an argument value of at least 2, since a hash table
      of size 1 is pointless.
    
      (check_integer_arg): Try to be more robust in the face of C/C++'s
      notorious lax integer sizing practices.  We might consider gnulib's
      "xstrtol" module.  Check `errno` for `ERANGE` after calling
      `strtoll()` and add range-oriented fatal diagnostic.  Promote other
      `-h` argument validation errors to `fatal()`.  Only perform a
      comparison against INT_MAX if LONG_MAX is larger than INT_MAX in the
      first place.  Report the supported range in range diagnostics.  Use
      C++- instead of C-style type cast of result.
    
    Mitigates, but arguably does not fix,
    <https://savannah.gnu.org/bugs/?65452>.  Thanks to Alex Colomar for the
    report.
    
    I wanted to use `strtoll()`, but...
      error: ISO C++ 1998 does not support ‘long long’ [-Wlong-long]
    ...and in any case that just kicks the can to other architectures where
    int, long, and long long are all 64 bits wide.
    
    gnulib, take me away...
---
 ChangeLog                     | 20 ++++++++++++++++++++
 src/utils/indxbib/indxbib.cpp | 20 ++++++++++++--------
 2 files changed, 32 insertions(+), 8 deletions(-)
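The validation the commit message describes, as an added example that is not groff's own code: a stand-alone C++ reimplementation of the `-h` check that returns a status instead of calling `fatal()`, so its failure modes (overflow of `long`, non-numeric input, trailing junk, the new minimum of 2, and a stale `errno`) can be exercised one by one; the names `parse_int_arg`, `classify_int_arg` and `hash_table_size_from_arg` are hypothetical. Unlike the patch, it resets `errno` before calling `strtol()`.

```cpp
// Added example, not groff's code: a reimplementation of indxbib's `-h`
// argument check that returns a status instead of calling fatal(), so each
// failure mode can be exercised on its own.  All names are hypothetical.
#include <cerrno>
#include <climits>
#include <cstdlib>

enum ArgStatus { ARG_OK, ARG_NOT_INTEGER, ARG_OUT_OF_RANGE, ARG_TRAILING_JUNK };

// Parse `arg` as a decimal integer in [min, INT_MAX].  On success store it in
// *res and return ARG_OK; on any failure *res is left untouched.
ArgStatus parse_int_arg(const char *arg, int min, int *res)
{
  // strtol() sets errno only on failure and never clears it, so a stale
  // ERANGE from an earlier library call would be misreported without a reset.
  errno = 0;
  char *end = 0;
  long n = std::strtol(arg, &end, 10);
  if (errno == ERANGE)
    return ARG_OUT_OF_RANGE;   // did not even fit in a long
  if (end == arg)
    return ARG_NOT_INTEGER;    // no digits consumed, e.g. "" or "abc"
  if (*end != '\0')
    return ARG_TRAILING_JUNK;  // digits followed by garbage, e.g. "12abc"
  // On ILP32 targets long and int have the same width and n > INT_MAX is
  // always false; on LP64 it catches values that fit a long but not an int.
  if (n > INT_MAX || n < min)
    return ARG_OUT_OF_RANGE;
  *res = static_cast<int>(n);
  return ARG_OK;
}

// Wrapper for callers that only need the verdict, not the value.
ArgStatus classify_int_arg(const char *arg, int min)
{
  int unused = 0;
  return parse_int_arg(arg, min, &unused);
}

// Mirror of indxbib's post-processing with the new minimum of 2: an even
// size above 2 is bumped to the next odd number.  Returns 0 if invalid.
int hash_table_size_from_arg(const char *arg)
{
  int size = 0;
  if (parse_int_arg(arg, 2, &size) != ARG_OK)
    return 0;
  if (size > 2 && size % 2 == 0)
    size++;
  return size;
}
```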

diff --git a/ChangeLog b/ChangeLog
index 5502e8213..9bfaa9e6f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2024-03-13  G. Branden Robinson <g.branden.robinson@gmail.com>
+
+       * src/utils/indxbib/indxbib.cpp: Validate `-h` option arguments
+       more carefully.
+       (main): Insist on an argument value of at least 2, since a hash
+       table of size 1 is pointless.
+       (check_integer_arg): Try to be more robust in the fact of
+       C/C++'s notorious lax integer sizing practices.  We might
+       consider gnulib's "xstrtol" module.  Check `errno` for `ERANGE`
+       after calling `strtoll()` and add range-oriented fatal
+       diagnostic.  Promote other `-h` argument validation errors to
+       `fatal()`.  Only perform a comparison against INT_MAX if
+       LONG_MAX is larger than INT_MAX in the first place.  Report the
+       supported range in range diagnostics.  Use C++- instead of
+       C-style type cast of result.
+
+       Mitigates, but arguably does not fix,
+       https://savannah.gnu.org/bugs/?65452>.  Thanks to Alex Colomar
+       for the report.
+
 2024-03-12  G. Branden Robinson <g.branden.robinson@gmail.com>
 
        [mdoc]: Improve diagnostic message format (4/4).
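Review bot: the bug URL at the end of the new entry is missing its opening angle bracket: `https://savannah.gnu.org/bugs/?65452>.` should read `<https://savannah.gnu.org/bugs/?65452>.` as in the commit message. The same paragraph also carries the typo "in the fact of" for "in the face of".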
diff --git a/src/utils/indxbib/indxbib.cpp b/src/utils/indxbib/indxbib.cpp
index 59c266780..dab501718 100644
--- a/src/utils/indxbib/indxbib.cpp
+++ b/src/utils/indxbib/indxbib.cpp
@@ -147,7 +147,7 @@ int main(int argc, char **argv)
     case 'h':
       {
        int requested_hash_table_size;
-       check_integer_arg('h', optarg, 1, &requested_hash_table_size);
+       check_integer_arg('h', optarg, 2, &requested_hash_table_size);
        hash_table_size = requested_hash_table_size;
        if ((hash_table_size > 2) && (hash_table_size % 2) == 0)
                hash_table_size++;
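Review bot: raising the minimum to 2 does not touch the odd-size adjustment that follows, so `-h 2` is accepted as an even table size while `-h 4` becomes 5; if even sizes are undesirable at 2 as well, the condition `(hash_table_size > 2)` should be `>= 2` or the minimum passed to `check_integer_arg()` should be 3. It would help to state in the commit message which of the two is intended.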
@@ -343,16 +343,20 @@ static void check_integer_arg(char opt, const char *arg, 
int min, int *res)
 {
   char *ptr;
   long n = strtol(arg, &ptr, 10);
-  if (n == 0 && ptr == arg)
-    error("argument to -%1 not an integer", opt);
+  if (ERANGE == errno)
+    fatal("argument to -%1 must be between %2 and %3", arg, min,
+         INT_MAX);
+  else if (n == 0 && ptr == arg)
+    fatal("argument to -%1 not an integer", opt);
   else if (n < min)
-    error("argument to -%1 must not be less than %2", opt, min);
+    fatal("argument to -%1 must not be less than %2", opt, min);
   else {
-    if (n > INT_MAX)
-      error("argument to -%1 greater than maximum integer", opt);
+    if ((LONG_MAX > INT_MAX) && (n > INT_MAX))
+      fatal("argument to -%1 must be between %2 and %3", arg, min,
+           INT_MAX);
     else if (*ptr != '\0')
-      error("junk after integer argument to -%1", opt);
-    *res = int(n);
+      fatal("junk after integer argument to -%1", opt);
+    *res = static_cast<int>(n);
   }
 }
 
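Review bot: `errno` is compared against `ERANGE` after `strtol()` without being cleared first; the C library sets `errno` only on failure and never resets it, so a stale `ERANGE` left by an earlier call would turn a perfectly valid `-h` argument into a fatal error. Add `errno = 0;` immediately before `long n = strtol(arg, &ptr, 10);`. The two new range diagnostics also pass `arg` as the first format argument where every other message in this function passes `opt`, so with the `argument to -%1` wording they would print the offending value in place of the option letter; they should read `fatal("argument to -%1 must be between %2 and %3", opt, min, INT_MAX);`. Finally, `(LONG_MAX > INT_MAX)` is a compile-time constant, which some compilers flag as a constant condition; an `#if LONG_MAX > INT_MAX` guard around the comparison avoids that.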