[uClibc 0001577]: strtol accepts backtick as valid digit

bugs at busybox.net bugs at busybox.net
Wed Nov 7 12:36:10 UTC 2007


A NOTE has been added to this issue. 
====================================================================== 
http://busybox.net/bugs/view.php?id=1577 
====================================================================== 
Reported By:                patchman
Assigned To:                uClibc
====================================================================== 
Project:                    uClibc
Issue ID:                   1577
Category:                   Other
Reproducibility:            always
Severity:                   trivial
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             11-07-2007 02:44 PST
Last Modified:              11-07-2007 04:36 PST
====================================================================== 
Summary:                    strtol accepts backtick as valid digit
Description: 
strtol will not report an error if a backtick is part of the number-string
to
convert. E.g. "5000`" will be converted to 50009. Looking at the code I
see that
this is a corner case that is not checked:

...
digit = (((Wuchar)(*str - '0')) <= 9)
	? (*str - '0')
	: ((*str >= 'A')
	   ? (((0x20|(*str)) - 'a' + 10)) /* WARNING: assumes ascii. */
		  : 40);

if (digit >= base) {
	break;
}
...

A backtick is 0x60. So it is greater than 'A'. 0x20|0x60 is 0x80.
0x80-'a'+10
evaluates to '9' which is accepted as a valid digit. This piece of code
occurs
more than once in the code. The trunk seems to contain the bug, too.

The solution would be to explicitly check for this case.
====================================================================== 

---------------------------------------------------------------------- 
 patchman - 11-07-07 03:12  
---------------------------------------------------------------------- 
Similar code seems to exist in the floating point versions of this
routines. At
least when hexadecimal floats are enabled. 

---------------------------------------------------------------------- 
 patchman - 11-07-07 04:36  
---------------------------------------------------------------------- 
Small correction: 0x20|0x60 is 0x60. 0x60-'a'+10 evaluates to 9. I append a
patch
that will fix this - maybe there is a more elegant way ... 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
11-07-07 02:44  patchman       New Issue                                    
11-07-07 02:44  patchman       Status                   new => assigned     
11-07-07 02:44  patchman       Assigned To               => uClibc          
11-07-07 03:12  patchman       Note Added: 0002894                          
11-07-07 04:36  patchman       Note Added: 0002895                          
======================================================================




More information about the uClibc-cvs mailing list