httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 52832] numerical configuration entry can be mistakenly interpreted without users' awareness
Date Wed, 02 Apr 2014 11:48:02 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52832

--- Comment #3 from Olaf van der Spek <OlafvdSpek@GMail.Com> ---
(In reply to Tianyin Xu from comment #2)
> Being fed with a overflowed number, atoi() will return a random number.
> 
> for example, on my machine, ind b = atoi(10000000000), b will be 1410065408. 

Actually it's worse: "If the value cannot be represented, the behavior is
undefined."

http://pubs.opengroup.org/onlinepubs/009695399/functions/atoi.html

Code using strtol often fails to check for ERANGE too.
IMO the best solution would be to introduce a better strtol wrapper that
returns an int/error on invalid input.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message