Expunge strtoll(3) and strtol(3) #896

Open: wants to merge 14 commits into base: master

@alejandro-colomar (Collaborator) commented Jan 9, 2024

Remove all calls to strtoll(3) and strtol(3), and replace them by safer calls like getlong() or getnum().


Revisions

v3 changes:
  • Rebase
$ git range-diff gh/rm_noneg..gh/strtoll rm_noneg..strtoll 
 1:  dcae312d =  1:  bd966bc5 lib/typetraits.h: Add macros that give information about a type
 2:  3088e310 =  2:  afea5fae src/: Use str2[u]l() instead of atoi(3)
 3:  0d3b5e68 =  3:  617570b1 lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  aecd2148 =  4:  afa3cebc lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  955fbeec =  5:  a83f9774 lib/: Don't open-code get_gid()
 6:  7e485fa3 =  6:  10ec7b6e lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  65fd4d27 =  7:  bdf47ee8 lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  3cd8b0ef =  8:  fcfb5bf8 lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  f22ef57d =  9:  cc310f6b lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  72573c2d = 10:  51690f85 src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  a3350c44 = 11:  0de3198b lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  be1e25ff = 12:  5d89bf4f lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  17194b35 = 13:  16d30dfe lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()
v4 changes:
  • Fix const-correctness issue, which has been uncovered by the const-generic liba2i macros.
$ git range-diff rm_noneg gh/strtoll strtoll 
 1:  bd966bc5 =  1:  bd966bc5 lib/typetraits.h: Add macros that give information about a type
 2:  afea5fae =  2:  afea5fae src/: Use str2[u]l() instead of atoi(3)
 3:  617570b1 =  3:  617570b1 lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  afa3cebc =  4:  afa3cebc lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  a83f9774 =  5:  a83f9774 lib/: Don't open-code get_gid()
 6:  10ec7b6e =  6:  10ec7b6e lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  bdf47ee8 =  7:  bdf47ee8 lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  fcfb5bf8 =  8:  fcfb5bf8 lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  cc310f6b =  9:  cc310f6b lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  51690f85 = 10:  51690f85 src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  0de3198b = 11:  0de3198b lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  5d89bf4f = 12:  5d89bf4f lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  16d30dfe = 13:  16d30dfe lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()
 -:  -------- > 14:  cff55356 src/usermod.c: Fix const correctness
v4b
  • Rebase
$ git range-diff gh/rm_noneg..gh/strtoll rm_noneg..strtoll 
 1:  bd966bc5 =  1:  abac335a lib/typetraits.h: Add macros that give information about a type
 2:  afea5fae =  2:  66a8ac5f src/: Use str2[u]l() instead of atoi(3)
 3:  617570b1 =  3:  10c74161 lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  afa3cebc =  4:  44c7aea3 lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  a83f9774 =  5:  26d63106 lib/: Don't open-code get_gid()
 6:  10ec7b6e =  6:  84c3bef0 lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  bdf47ee8 =  7:  5b4afd79 lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  fcfb5bf8 =  8:  3e29da26 lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  cc310f6b =  9:  53352ba9 lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  51690f85 = 10:  f4b116f9 src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  0de3198b = 11:  e24fbb5f lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  5d89bf4f = 12:  d7f1ca08 lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  16d30dfe = 13:  412f4c9c lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()
14:  cff55356 = 14:  86734eae src/usermod.c: Fix const correctness
v4c
  • Rebase
$ git range-diff abac335a^..gh/strtoll shadow/master..strtoll 
 1:  abac335a =  1:  d06c81f2 lib/typetraits.h: Add macros that give information about a type
 2:  66a8ac5f =  2:  b8e914ff src/: Use str2[u]l() instead of atoi(3)
 3:  10c74161 =  3:  105697f2 lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  44c7aea3 =  4:  36db6c51 lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  26d63106 =  5:  310b3d80 lib/: Don't open-code get_gid()
 6:  84c3bef0 =  6:  7b9fe7ab lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  5b4afd79 =  7:  7914f14a lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  3e29da26 =  8:  7d00e662 lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  53352ba9 =  9:  044396c5 lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  f4b116f9 = 10:  0a81ae8e src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  e24fbb5f = 11:  d9e31c73 lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  d7f1ca08 = 12:  53328602 lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  412f4c9c = 13:  4d4b4717 lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()
14:  86734eae = 14:  b85ad7a5 src/usermod.c: Fix const correctness

@alejandro-colomar
Collaborator Author

v2 changes:

  • Rebase to master
$ git range-diff gh/rm_noneg..gh/strtoll rm_noneg..strtoll 
 1:  d987cc23 !  1:  7a754763 lib/typetraits.h: Add macros that give information about a type
    @@ Commit message
     
      ## lib/Makefile.am ##
     @@ lib/Makefile.am: libshadow_la_SOURCES = \
    -   subordinateio.c \
    -   sulog.c \
    +   time/day_to_str.c \
    +   time/day_to_str.h \
        ttytype.c \
     +  typetraits.h \
        tz.c \
 2:  04c3c1ff =  2:  35a75a2f src/: Use str2[u]l() instead of atoi(3)
 3:  901bf98e =  3:  2a5df6b4 lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  15664d4c !  4:  0245884e lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
    @@ lib/prototypes.h: extern int find_new_sub_gids (gid_t *range_start, unsigned lon
     
      ## lib/sgetgrent.c ##
     @@
    - #include <grp.h>
    + #include <string.h>
      
      #include "alloc.h"
     +#include "atoi/getnum.h"
    @@ lib/sgetgrent.c
     
      ## lib/sgetpwent.c ##
     @@
    - #include "defines.h"
    - #include <stdio.h>
      #include <pwd.h>
    -+
    + #include <string.h>
    + 
     +#include "atoi/getnum.h"
    + #include "defines.h"
      #include "prototypes.h"
      #include "shadowlog_internal.h"
      
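Review bot: The v2 summary says only "Rebase to master", yet this range-diff marks commits 1 and 4 with `!`. In the lib/sgetpwent.c hunk of commit 4 the blank line the earlier revision added (`-+`) is gone and `#include "atoi/getnum.h"` now sits between `<string.h>` and `"defines.h"`; a line in the summary stating that these are rebase adjustments to the include block, and that the added include itself is unchanged, would let reviewers skip re-reading those two patches.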
 5:  e6d47f2c =  5:  637a8484 lib/: Don't open-code get_gid()
 6:  59b2f005 =  6:  e5b31b34 lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  23fd5ac6 =  7:  6bd34d8c lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  35b3c86c =  8:  e908ef42 lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  4e0e9bf1 =  9:  05bd8850 lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  8a4f7943 = 10:  d8fa7301 src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  330dd287 = 11:  ae87a7e9 lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  c77cfdab = 12:  27692802 lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  68ba7031 = 13:  a0b322e2 lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()

@alejandro-colomar
Collaborator Author

v2b changes:

  • Rebase on master
$ git range-diff gh/rm_noneg..gh/strtoll rm_noneg..strtoll 
 1:  7a754763 =  1:  6870a0e0 lib/typetraits.h: Add macros that give information about a type
 2:  35a75a2f =  2:  ebba199f src/: Use str2[u]l() instead of atoi(3)
 3:  2a5df6b4 =  3:  a2122723 lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  0245884e =  4:  6eae04d4 lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  637a8484 =  5:  debb96f4 lib/: Don't open-code get_gid()
 6:  e5b31b34 =  6:  82a992d3 lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  6bd34d8c =  7:  58f28b8e lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  e908ef42 =  8:  5eb9fc41 lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  05bd8850 =  9:  faa7cce1 lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  d8fa7301 = 10:  14ccc58b src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  ae87a7e9 = 11:  fad7d7bb lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  27692802 = 12:  30d634ba lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  a0b322e2 = 13:  97d5ce57 lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()

@alejandro-colomar
Collaborator Author

v2c changes:

  • Rebase on master
$ git range-diff gh/rm_noneg..gh/strtoll rm_noneg..strtoll 
 1:  6870a0e0 =  1:  8f9ff452 lib/typetraits.h: Add macros that give information about a type
 2:  ebba199f =  2:  413993b3 src/: Use str2[u]l() instead of atoi(3)
 3:  a2122723 =  3:  4c2159dd lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  6eae04d4 =  4:  dee66fc3 lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  debb96f4 =  5:  c37c2ae4 lib/: Don't open-code get_gid()
 6:  82a992d3 =  6:  8dcd0354 lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  58f28b8e =  7:  fa78d95c lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  5eb9fc41 =  8:  a5bb3e22 lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  faa7cce1 =  9:  c7273620 lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  14ccc58b = 10:  2def551a src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  fad7d7bb = 11:  a41871ee lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  30d634ba = 12:  5f862873 lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  97d5ce57 = 13:  0247134d lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()

@alejandro-colomar
Collaborator Author

v2d changes:

  • Rebase on master
$ git range-diff gh/rm_noneg..gh/strtoll rm_noneg..strtoll 
 1:  8f9ff452 =  1:  932fa96d lib/typetraits.h: Add macros that give information about a type
 2:  413993b3 =  2:  97471e54 src/: Use str2[u]l() instead of atoi(3)
 3:  4c2159dd =  3:  a5546d76 lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  dee66fc3 =  4:  8f8095bc lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  c37c2ae4 =  5:  6ad6667d lib/: Don't open-code get_gid()
 6:  8dcd0354 =  6:  cc67840f lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  fa78d95c =  7:  dd1413cf lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  a5bb3e22 =  8:  e5ddd6cc lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  c7273620 =  9:  d66e280a lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  2def551a = 10:  21ee50c4 src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  a41871ee = 11:  11c0777f lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  5f862873 = 12:  fd9f2033 lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  0247134d = 13:  ae1fd8a2 lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()

@alejandro-colomar
Collaborator Author

v2e changes:

  • Rebase
$ git range-diff gh/rm_noneg..gh/strtoll rm_noneg..strtoll 
 1:  932fa96d =  1:  cc6c9099 lib/typetraits.h: Add macros that give information about a type
 2:  97471e54 =  2:  ceb9cf25 src/: Use str2[u]l() instead of atoi(3)
 3:  a5546d76 =  3:  80b2f03b lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  8f8095bc =  4:  f3b68d0f lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  6ad6667d =  5:  73828d71 lib/: Don't open-code get_gid()
 6:  cc67840f =  6:  5c1f3269 lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  dd1413cf =  7:  9a8e8959 lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  e5ddd6cc =  8:  9c272ae7 lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  d66e280a =  9:  a079abe2 lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  21ee50c4 = 10:  6b4a6d42 src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  11c0777f = 11:  98676974 lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  fd9f2033 = 12:  995d0b87 lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  ae1fd8a2 = 13:  1125c9a7 lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()

@alejandro-colomar
Collaborator Author

v2f changes:

  • Rebase
$ git range-diff gh/rm_noneg..gh/strtoll rm_noneg..strtoll 
 1:  cc6c9099 =  1:  dcae312d lib/typetraits.h: Add macros that give information about a type
 2:  ceb9cf25 =  2:  3088e310 src/: Use str2[u]l() instead of atoi(3)
 3:  80b2f03b =  3:  0d3b5e68 lib/get_gid.c: get_gid(): Reimplement in terms of a2i()
 4:  f3b68d0f =  4:  aecd2148 lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"
 5:  73828d71 =  5:  955fbeec lib/: Don't open-code get_gid()
 6:  5c1f3269 =  6:  7e485fa3 lib/get_pid.c: get_pid(): Reimplement in terms of a2i()
 7:  9a8e8959 =  7:  65fd4d27 lib/: get_pid(): Move function to "atoi/getnum.h"
 8:  9c272ae7 =  8:  3cd8b0ef lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string
 9:  a079abe2 =  9:  f22ef57d lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()
10:  6b4a6d42 = 10:  72573c2d src/usermod.c: getulong_range(): Reimplement in terms of a2ul()
11:  98676974 = 11:  a3350c44 lib/get_uid.c: get_uid(): Reimplement in terms of a2i()
12:  995d0b87 = 12:  be1e25ff lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"
13:  1125c9a7 = 13:  17194b35 lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()

@alejandro-colomar
Collaborator Author

alejandro-colomar commented May 5, 2024

It seems the const-generic macros have exposed some const correctness violations. They are probably nothing to worry about, but I'll fix them.

Edit: Done.

In the case of is_unsigned() and is_signed(), the natural thing would be
to compare to 0:

	#define is_unsigned(x)  (((typeof(x)) -1) > 0)
	#define is_signed(x)    (((typeof(x)) -1) < 0)

However, that would trigger -Wtype-limits, so we compare against 1,
which silences that, and does the same job.

Signed-off-by: Alejandro Colomar <[email protected]>

atoi(3) easily triggers Undefined Behavior.  Replace it by str2[u]l(),
which are safe from that, and add type safety too.

Signed-off-by: Alejandro Colomar <[email protected]>

Implement it as an inline function, and add restrict and ATTR_STRING()
and ATTR_ACCESS() as appropriate.

Signed-off-by: Alejandro Colomar <[email protected]>

These functions were open-coding get_gid().  Use the actual function.

Signed-off-by: Alejandro Colomar <[email protected]>

Implement it as an inline function, and add restrict and ATTR_STRING()
and ATTR_ACCESS() as appropriate.

Signed-off-by: Alejandro Colomar <[email protected]>

Implement it as an inline function, and add restrict and ATTR_STRING()
and ATTR_ACCESS() as appropriate.

Signed-off-by: Alejandro Colomar <[email protected]>

Now that we use liba2i's const-generic macros, we can (and must) use a
'const char **' endp where the input string is 'const char *'.

Signed-off-by: Alejandro Colomar <[email protected]>
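
The parsing discipline the commit messages above describe, as an added example that is not code from this pull request or from the shadow project: the signedness traits compared against 1, and a range-checked parser that rejects input atoi(3) would accept silently or turn into undefined behaviour. The names `stype_max`, `parse_range` and `parse_pid`, the errno values, the lower bound of 1 for a PID and the use of strtoimax(3) as the underlying conversion are assumptions of this example.

```c
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <stdio.h>
#include <sys/types.h>

/* Traits as in the commit message: compare against 1 rather than 0 so that
 * -Wtype-limits stays quiet.  __typeof__ is the GNU C spelling of typeof. */
#define is_unsigned(x)  (((__typeof__(x)) -1) > 1)
#define is_signed(x)    (((__typeof__(x)) -1) < 1)
/* Largest value of a signed type T (assumes no padding bits). */
#define stype_max(T)    ((T) ((((uintmax_t) 1) << (sizeof(T) * CHAR_BIT - 1)) - 1))

_Static_assert(is_signed(pid_t) && is_unsigned(size_t), "unexpected signedness");

/* Hypothetical helper: parse s as a base-10 integer within [min, max].
 * Returns 0 and stores *n on success, -1 with errno set otherwise.
 * The errno values are this example's choice. */
static int parse_range(intmax_t *n, const char *s, intmax_t min, intmax_t max)
{
	char      *end;
	intmax_t  v;

	errno = 0;
	v = strtoimax(s, &end, 10);
	if (end == s)  { errno = ECANCELED; return -1; }    /* no digits at all */
	if (errno == ERANGE)  return -1;                     /* beyond intmax_t */
	if (*end != '\0')  { errno = ENOTSUP; return -1; }   /* trailing junk */
	if (v < min || v > max)  { errno = ERANGE; return -1; }
	*n = v;
	return 0;
}

/* A PID must be a positive value that fits in pid_t. */
static int parse_pid(pid_t *pid, const char *s)
{
	intmax_t  n;

	if (parse_range(&n, s, 1, stype_max(pid_t)) == -1)
		return -1;
	*pid = (pid_t) n;
	return 0;
}

int main(void)
{
	/* Constructed inputs; atoi(3) on the third one is undefined behaviour. */
	const char  *in[] = {"1234", "12ab", "99999999999999999999", "-5", ""};
	pid_t       pid;
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("\"%s\": %s\n", in[i], parse_pid(&pid, in[i]) ? "rejected" : "ok");
	return 0;
}
```

On failure the output variable is left untouched, so a caller cannot mistake a stale or partial value for a parsed one.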
@alejandro-colomar
Collaborator Author

This is ready for review, @hallyn , @ikerexxe . :)
