From: Benjamin Gray <bgray@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org
Cc: Benjamin Gray <bgray@linux.ibm.com>, ajd@linux.ibm.com
Subject: [PATCH v2 5/7] selftests/powerpc: Parse long/unsigned long value safely
Date: Wed, 23 Nov 2022 10:11:01 +1100 [thread overview]
Message-ID: <20221122231103.15829-6-bgray@linux.ibm.com> (raw)
In-Reply-To: <20221122231103.15829-1-bgray@linux.ibm.com>
Often a file is expected to hold an integral value. Existing functions
will use a C stdlib function like atoi or strtol to parse the file.
These operations are error prone, with complicated error conditions
(atoi returns 0 if not a number, and is undefined behaviour if not in
range. strtol returns 0 if not a number, and LONG_MIN/MAX if not in
range + sets errno to ERANGE).
Add a dedicated parse function that accounts for these error conditions
so tests can safely parse numbers without undetected bad data. It's a
bit ugly to generate the functions through a macro, but it beats copying
the error check logic multiple times over.
Signed-off-by: Benjamin Gray <bgray@linux.ibm.com>
---
.../testing/selftests/powerpc/include/utils.h | 5 ++
tools/testing/selftests/powerpc/pmu/lib.c | 9 ++--
tools/testing/selftests/powerpc/utils.c | 53 +++++++++++++++++--
3 files changed, 59 insertions(+), 8 deletions(-)
diff --git a/tools/testing/selftests/powerpc/include/utils.h b/tools/testing/selftests/powerpc/include/utils.h
index de5e3790f397..b82e143a07c6 100644
--- a/tools/testing/selftests/powerpc/include/utils.h
+++ b/tools/testing/selftests/powerpc/include/utils.h
@@ -33,6 +33,11 @@ void *get_auxv_entry(int type);
int pick_online_cpu(void);
+int parse_int(const char *buffer, size_t count, int *result, int base);
+int parse_long(const char *buffer, size_t count, long *result, int base);
+int parse_uint(const char *buffer, size_t count, unsigned int *result, int base);
+int parse_ulong(const char *buffer, size_t count, unsigned long *result, int base);
+
int read_file(const char *path, char *buf, size_t count, size_t *len);
int write_file(const char *path, const char *buf, size_t count);
int read_debugfs_file(const char *debugfs_file, char *buf, size_t count);
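Review bot: The four new prototypes carry no contract comment, and the convention is not obvious from the signatures alone. The implementations in utils.c return 0 on success and a positive `EINVAL` or `ERANGE` on failure, and write `*result` only on success. A short comment above the group would cover it, e.g. `/* Return 0 or a positive errno (EINVAL, ERANGE); *result is written only on success. buffer must be NUL-terminated within count bytes. */`.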
diff --git a/tools/testing/selftests/powerpc/pmu/lib.c b/tools/testing/selftests/powerpc/pmu/lib.c
index e8960e7a1271..771658278f55 100644
--- a/tools/testing/selftests/powerpc/pmu/lib.c
+++ b/tools/testing/selftests/powerpc/pmu/lib.c
@@ -192,16 +192,15 @@ bool require_paranoia_below(int level)
{
int err;
long current;
- char *end, buf[16];
+ char buf[16] = {0};
+ char *end;
- if ((err = read_file(PARANOID_PATH, buf, sizeof(buf), NULL))) {
+ if ((err = read_file(PARANOID_PATH, buf, sizeof(buf) - 1, NULL))) {
printf("Couldn't read " PARANOID_PATH "?\n");
return false;
}
- current = strtol(buf, &end, 10);
-
- if (end == buf) {
+ if ((err = parse_long(buf, sizeof(buf), ¤t, 10))) {
printf("Couldn't parse " PARANOID_PATH "?\n");
return false;
}
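Review bot: `char *end;` is kept as its own declaration, but nothing in the visible new code uses it now that the `strtol` call is gone, so it will likely raise an unused-variable warning. Drop the line unless the rest of `require_paranoia_below`, which continues outside this hunk, still needs it. The zero-initialised `buf` combined with the `sizeof(buf) - 1` read length is what guarantees the terminator that `parse_long` relies on. A brief comment on the declaration, such as `/* last byte stays NUL for parse_long() */`, would keep a later cleanup from removing that guarantee.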
diff --git a/tools/testing/selftests/powerpc/utils.c b/tools/testing/selftests/powerpc/utils.c
index 22a255cd43d1..7c7d8aaa69fb 100644
--- a/tools/testing/selftests/powerpc/utils.c
+++ b/tools/testing/selftests/powerpc/utils.c
@@ -8,6 +8,8 @@
#include <elf.h>
#include <errno.h>
#include <fcntl.h>
+#include <inttypes.h>
+#include <limits.h>
#include <link.h>
#include <sched.h>
#include <stdio.h>
@@ -113,6 +115,53 @@ int write_debugfs_file(const char *subpath, const char *buf, size_t count)
return write_file(path, buf, count);
}
+#define TYPE_MIN(x) \
+ _Generic((x), \
+ int: INT_MIN, \
+ long: LONG_MIN, \
+ unsigned int: 0, \
+ unsigned long: 0)
+
+#define TYPE_MAX(x) \
+ _Generic((x), \
+ int: INT_MAX, \
+ long: LONG_MAX, \
+ unsigned int: INT_MAX, \
+ unsigned long: LONG_MAX)
+
+#define define_parse_number(fn, type, super_type) \
+ int fn(const char *buffer, size_t count, type *result, int base) \
+ { \
+ char *end; \
+ super_type parsed; \
+ \
+ errno = 0; \
+ parsed = _Generic(parsed, \
+ intmax_t: strtoimax, \
+ uintmax_t: strtoumax)(buffer, &end, base); \
+ \
+ if (errno == ERANGE || \
+ parsed < TYPE_MIN(*result) || parsed > TYPE_MAX(*result)) \
+ return ERANGE; \
+ \
+ /* Require at least one digit */ \
+ if (end == buffer) \
+ return EINVAL; \
+ \
+ /* Require all remaining characters be whitespace-ish */ \
+ for (; end < buffer + count; end++) \
+ if (!(*end == ' ' || *end == '\n' || *end == '\0')) \
+ return EINVAL; \
+ \
+ *result = parsed; \
+ return 0; \
+ }
+
+define_parse_number(parse_int, int, intmax_t);
+define_parse_number(parse_long, long, intmax_t);
+define_parse_number(parse_uint, unsigned int, uintmax_t);
+define_parse_number(parse_ulong, unsigned long, uintmax_t);
+
void *find_auxv_entry(int type, char *auxv)
{
ElfW(auxv_t) *p;
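Review bot: `count` does not bound the parse itself: `strtoimax`/`strtoumax` scan `buffer` until the first character that cannot be part of the number, and only the trailing-character loop honours `count`, so a buffer with no NUL inside `count` bytes is read past its end. Either document that callers must NUL-terminate, or reject such input up front with `if (!memchr(buffer, '\0', count)) return EINVAL;` (this needs `<string.h>`, which is not among the includes visible in this patch). Separately, `TYPE_MAX` maps `unsigned int` to `INT_MAX` and `unsigned long` to `LONG_MAX`, so `parse_uint` and `parse_ulong` return ERANGE for the upper half of their range; if that is not intended, these should read `unsigned int: UINT_MAX,` and `unsigned long: ULONG_MAX`. The `strtoumax` path also accepts a leading minus sign and wraps the value, which the unsigned parsers may want to reject explicitly.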
@@ -213,9 +262,7 @@ int read_debugfs_int(const char *debugfs_file, int *result)
if ((err = read_debugfs_file(debugfs_file, value, sizeof(value) - 1)))
return err;
- *result = atoi(value);
-
- return 0;
+ return parse_int(value, sizeof(value), result, 10);
}
int write_debugfs_int(const char *debugfs_file, int result)
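Review bot: `parse_int(value, sizeof(value), result, 10)` inspects one byte more than `read_debugfs_file` was allowed to fill (`sizeof(value) - 1`), and the parser's trailing-character loop rejects anything other than space, newline or NUL across that whole span. This is only correct if `value` is zero-initialised, and its declaration is outside this hunk. If it is not, stale stack bytes after the file contents can cause a spurious EINVAL or leave the number unterminated for `strtoimax`. Worth confirming the declaration has the form `char value[N] = {0};` (N being whatever size the function uses), as `buf` does in `require_paranoia_below`.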
--
2.38.1