From patchwork Tue May 24 22:58:13 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
X-Patchwork-Id: 16035
Return-Path: <libcamera-devel-bounces@lists.libcamera.org>
X-Original-To: parsemail@patchwork.libcamera.org
Delivered-To: parsemail@patchwork.libcamera.org
Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com
	[92.243.16.209])
	by patchwork.libcamera.org (Postfix) with ESMTPS id 47EE3C326D
	for <parsemail@patchwork.libcamera.org>;
	Tue, 24 May 2022 22:58:39 +0000 (UTC)
Received: from lancelot.ideasonboard.com (localhost [IPv6:::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTP id E4B6F65680;
	Wed, 25 May 2022 00:58:38 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;
	s=mail; t=1653433118;
	bh=q5bcKpUKf2VCUYBU6wO/nSr1MvL3jZOliCxcDfokEEo=;
	h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=zLGkl0oqi3TYWg7sq3CHYyreJasoWefk55gnHvVZPl9eGSodlgID+8B5pkOs0Zz3q
	l6bJYGt5AobNYwEp9NY2RTG7peOghESyRJWhfIyPGCkJvmGs12EftWRvA1A52zE6b+
	zDX9p8op5DPMG7g9ExW1qPuA9DmJhEVBeWmAAWOqiM34e7kbGU6it4/eou/DtYqI0X
	Nt9/R6tqfwWo9dJbKqGfCRQdgngODP4cDTNvWM5huN9bwytf7bm4BkMeLpwqzH1xBC
	Vg4osPIuvoYK9U7UmjQ5fY4VszChac4oK3j5/KwvpG4Rv7fe6usGtf9T5LZk3mynNX
	vinjf8ZMCb8bQ==
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id D8B1565663
	for <libcamera-devel@lists.libcamera.org>;
	Wed, 25 May 2022 00:58:29 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com; dkim=pass (1024-bit key;
	unprotected) header.d=ideasonboard.com
	header.i=@ideasonboard.com
	header.b="ijFG2eam"; dkim-atps=neutral
Received: from pendragon.ideasonboard.com (ip-109-40-241-133.web.vodafone.de
	[109.40.241.133])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id 4730D1287;
	Wed, 25 May 2022 00:58:29 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1653433109;
	bh=q5bcKpUKf2VCUYBU6wO/nSr1MvL3jZOliCxcDfokEEo=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ijFG2eamASjaq2uNB1q/vWEkPwjqmnoLdrAQtFsOYF12dvzkFQS/TF5wt54oJBtAh
	EmZw8GsnOv4nQJA3t00caBtqcGPKUghKSaQ4jVLt5Ox5s6RY3iTbJVL22X4Y7crSBo
	4A2Rbfm/uxIMU1YvzRhcG421MwpfkWkr7/a3o56k=
To: libcamera-devel@lists.libcamera.org
Date: Wed, 25 May 2022 01:58:13 +0300
Message-Id: <20220524225816.6830-10-laurent.pinchart@ideasonboard.com>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220524225816.6830-1-laurent.pinchart@ideasonboard.com>
References: <20220524225816.6830-1-laurent.pinchart@ideasonboard.com>
MIME-Version: 1.0
Subject: [libcamera-devel] [RFC PATCH 09/12] libcamera: yaml_parser: Fix
	range checks for 32-bit integers
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
X-Patchwork-Original-From: Laurent Pinchart via libcamera-devel
	<libcamera-devel@lists.libcamera.org>
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reply-To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Errors-To: libcamera-devel-bounces@lists.libcamera.org
Sender: "libcamera-devel" <libcamera-devel-bounces@lists.libcamera.org>

The strtol() and strtoul() functions return long integers, which may be
larger than 32-bit integers. Add manual range checks.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
---
 src/libcamera/yaml_parser.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/libcamera/yaml_parser.cpp b/src/libcamera/yaml_parser.cpp
index 65b9a9097375..f0b5eb96449b 100644
--- a/src/libcamera/yaml_parser.cpp
+++ b/src/libcamera/yaml_parser.cpp
@@ -10,6 +10,7 @@
 #include <cstdlib>
 #include <errno.h>
 #include <functional>
+#include <limits>
 
 #include <libcamera/base/file.h>
 #include <libcamera/base/log.h>
@@ -151,9 +152,11 @@ int32_t YamlObject::get(const int32_t &defaultValue, bool *ok) const
 	char *end;
 
 	errno = 0;
-	int32_t value = std::strtol(value_.c_str(), &end, 10);
+	long value = std::strtol(value_.c_str(), &end, 10);
 
-	if ('\0' != *end || errno == ERANGE)
+	if ('\0' != *end || errno == ERANGE ||
+	    value < std::numeric_limits<int32_t>::min() ||
+	    value > std::numeric_limits<int32_t>::max())
 		return defaultValue;
 
 	setOk(ok, true);
@@ -185,9 +188,11 @@ uint32_t YamlObject::get(const uint32_t &defaultValue, bool *ok) const
 	char *end;
 
 	errno = 0;
-	uint32_t value = std::strtoul(value_.c_str(), &end, 10);
+	unsigned long value = std::strtoul(value_.c_str(), &end, 10);
 
-	if ('\0' != *end || errno == ERANGE)
+	if ('\0' != *end || errno == ERANGE ||
+	    value < std::numeric_limits<uint32_t>::min() ||
+	    value > std::numeric_limits<uint32_t>::max())
 		return defaultValue;
 
 	setOk(ok, true);