From patchwork Thu Jun 16 14:24:02 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
X-Patchwork-Id: 16242
Return-Path: <libcamera-devel-bounces@lists.libcamera.org>
X-Original-To: parsemail@patchwork.libcamera.org
Delivered-To: parsemail@patchwork.libcamera.org
Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com
	[92.243.16.209])
	by patchwork.libcamera.org (Postfix) with ESMTPS id DAE69C3277
	for <parsemail@patchwork.libcamera.org>;
	Thu, 16 Jun 2022 14:24:28 +0000 (UTC)
Received: from lancelot.ideasonboard.com (localhost [IPv6:::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTP id D05106564E;
	Thu, 16 Jun 2022 16:24:26 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;
	s=mail; t=1655389467;
	bh=r9lS+1HujmZ7MfQVdOdG+DnAUFPXoJWwZN4J+mpa6RI=;
	h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=QYYm1YIFIVI1JBUy96UebjcV5BjeKG1A7IH9SLikEMe9DfOX80robQJy/82mcPdpi
	Fnd77PIa5p6MJdEFxiWA77KP0w+CoNCshQT7ElsHv5l155sdsb0xv8TqAQhUtfAz0W
	N5CtaqhOFiX1QbK9znGSWo92uqIBpu1cqH1fpp7c6TB3YzA8Q5nVJHSPMzOueDAsHt
	UzTO/LhuDrNhv4m5twbaszIQfafpXepxPlkdzHsMlND4gtAbTlK+ky0Y11rO8AF4an
	zEDOWJpCwNwm3CqFFgHa3qX5ii+oaaqieqSY+M/CrcC+avJDQWwQle+QgldExd4E6j
	w4CJICfxH27KQ==
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id 225A965646
	for <libcamera-devel@lists.libcamera.org>;
	Thu, 16 Jun 2022 16:24:22 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com; dkim=pass (1024-bit key;
	unprotected) header.d=ideasonboard.com
	header.i=@ideasonboard.com
	header.b="MFfnWv8k"; dkim-atps=neutral
Received: from pendragon.lan (62-78-145-57.bb.dnainternet.fi [62.78.145.57])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id 7A810898;
	Thu, 16 Jun 2022 16:24:21 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1655389461;
	bh=r9lS+1HujmZ7MfQVdOdG+DnAUFPXoJWwZN4J+mpa6RI=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=MFfnWv8kwvMsJg2OLsCusS0b2cgaUCjOzNONzKZdU1c2DhQca7tJsRozwby2tfkrs
	NlBoLS6FKMQNRgEywULYZLmuyTK/LxHz43JT+aG2rAd67fkCSov8Zv209IRQYwvbsH
	X2XAxdFxK7+lOfgmoUVLyvIFiT7GnXzWIVo4ubu0=
To: libcamera-devel@lists.libcamera.org
Date: Thu, 16 Jun 2022 17:24:02 +0300
Message-Id: <20220616142403.20723-7-laurent.pinchart@ideasonboard.com>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220616142403.20723-1-laurent.pinchart@ideasonboard.com>
References: <20220616142403.20723-1-laurent.pinchart@ideasonboard.com>
MIME-Version: 1.0
Subject: [libcamera-devel] [PATCH 6/7] libcamera: yaml_parser: Fix range
	checks for 32-bit integers
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
X-Patchwork-Original-From: Laurent Pinchart via libcamera-devel
	<libcamera-devel@lists.libcamera.org>
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reply-To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Errors-To: libcamera-devel-bounces@lists.libcamera.org
Sender: "libcamera-devel" <libcamera-devel-bounces@lists.libcamera.org>

The strtol() and strtoul() functions return long integers, which may be
larger than 32-bit integers. Add manual range checks.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Jacopo Mondi <jacopo@jmondi.org>
Reviewed-by: Han-Lin Chen <hanlinchen@chromium.org>
---
 src/libcamera/yaml_parser.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/libcamera/yaml_parser.cpp b/src/libcamera/yaml_parser.cpp
index 9b6e70cbfcf3..bd4b501b1422 100644
--- a/src/libcamera/yaml_parser.cpp
+++ b/src/libcamera/yaml_parser.cpp
@@ -10,6 +10,7 @@
 #include <cstdlib>
 #include <errno.h>
 #include <functional>
+#include <limits>
 
 #include <libcamera/base/file.h>
 #include <libcamera/base/log.h>
@@ -151,9 +152,11 @@ int32_t YamlObject::get(const int32_t &defaultValue, bool *ok) const
 	char *end;
 
 	errno = 0;
-	int32_t value = std::strtol(value_.c_str(), &end, 10);
+	long value = std::strtol(value_.c_str(), &end, 10);
 
-	if ('\0' != *end || errno == ERANGE)
+	if ('\0' != *end || errno == ERANGE ||
+	    value < std::numeric_limits<int32_t>::min() ||
+	    value > std::numeric_limits<int32_t>::max())
 		return defaultValue;
 
 	setOk(ok, true);
@@ -185,9 +188,11 @@ uint32_t YamlObject::get(const uint32_t &defaultValue, bool *ok) const
 	char *end;
 
 	errno = 0;
-	uint32_t value = std::strtoul(value_.c_str(), &end, 10);
+	unsigned long value = std::strtoul(value_.c_str(), &end, 10);
 
-	if ('\0' != *end || errno == ERANGE)
+	if ('\0' != *end || errno == ERANGE ||
+	    value < std::numeric_limits<uint32_t>::min() ||
+	    value > std::numeric_limits<uint32_t>::max())
 		return defaultValue;
 
 	setOk(ok, true);