CDRIVER-1377 bson_stroll detects range errors

ajdavis · ajdavis · commit 877c4652bc03 · 2016-11-14T21:42:41.000Z
diff --git a/NEWS b/NEWS
@@ -23,6 +23,9 @@ New features and bug fixes:
     as a string and ignored the scope.
   * bson_json_reader functions now always validate UTF-8
   * JSON parsing now preserves integer width
+  * bson_strtoll now matches stroll: it detects range errors, and when
+    parsing octal it stops at non-octal digits and returns what it parsed
+    instead of setting errno
   * New flag BSON_VALIDATE_EMPTY_KEYS causes bson_validate to fail if a document
     contains zero-length field names.
   * The configure option "--enable-hardening" had had no effect. It is removed
diff --git a/src/bson/bson-string.c b/src/bson/bson-string.c
@@ -679,8 +679,8 @@ bson_snprintf (char       *str,    /* IN */
  *       valid.
  *
  *       If an invalid value is encountered, errno will be set to EINVAL and
- *       zero will be returned. This function does not currently detect values
- *       that are out of range.
+ *       zero will be returned. If the number is out of range, errno is set to
+ *       ERANGE and LLONG_MAX or LLONG_MIN is returned.
  *
  * Returns:
  *       The result of the conversion.
@@ -696,123 +696,108 @@ bson_ascii_strtoll (const char  *s,
                     char       **e,
                     int          base)
 {
-    char *tok = (char *)s;
-    char c;
-    int64_t number = 0;
-    int64_t sign = 1;
-
-    if (!s) {
-       errno = EINVAL;
-       return 0;
-    }
-
-    c = *tok;
-
-    while (isspace (c)) {
-        c = *++tok;
-    }
-
-    if (!isdigit (c) && (c != '+') && (c != '-')) {
-        if (e != NULL) {
-           *e = tok - 1;
-        }
-        errno = EINVAL;
-        return 0;
-    }
-
-    if (c == '-') {
-        sign = -1;
-        c = *++tok;
-    }
-
-    if (c == '+') {
-        c = *++tok;
-    }
-
-    if (c == '0' && tok[1] != '\0' &&
-       (isdigit (tok[1]) || tok[1] == 'x' || tok[1] == 'X')) {
-        /* Hex, octal or decimal */
-
-        c = *++tok;
-
-        if (c == 'x' || c == 'X') { /* Hex */
-            if (base != 16 && base != 0) {
-                if (e != NULL) {
-                   *e = (char *)(s);
-                }
-                errno = EINVAL;
-                return 0;
-            }
-
-            c = *++tok;
-            if (!isxdigit (c)) {
-                if (e != NULL) {
-                   *e = tok;
-                }
-                errno = EINVAL;
-                return 0;
-            }
-            do {
-                number = (number << 4) + (c - '0');
-                c = *(++tok);
-            } while (isxdigit (c));
-        }
-        else { /* Octal or Decimal -- prefixed with 0 */
-            if (base != 8 && base != 0 && base != 10) {
-                if (e != NULL) {
-                   *e = (char *)(s);
-                }
-                errno = EINVAL;
-                return 0;
-            }
-            if (base == 10) {
-                do {
-                  number = (number * 10) + (c - '0');
-                  c = *(++tok);
-                } while (isdigit (c));
-            } else { /*Octal*/
-                if ( c < '0' || c >= '8') {
-                  if (e != NULL) {
-                     *e = tok;
-                  }
-                  errno = EINVAL;
-                  return 0;
-                }
-                do {
-                  number = (number << 3) + (c - '0');
-                  c = *(++tok);
-                } while (('0' <= c) && (c < '8'));
-            }
-        }
-
-        while (c == 'l' || c == 'L' || c == 'u' || c == 'U') {
-            c = *++tok;
-        }
-    }
-    else {
-        /* Decimal */
-        if (base != 10) {
-            if (e != NULL) {
-               *e = (char *)(s);
-            }
-            errno = EINVAL;
-            return 0;
-        }
-
-        do {
-            number = (number * 10) + (c - '0');
-            c = *(++tok);
-        } while (isdigit (c));
-
-        while (c == 'l' || c == 'L' || c == 'u' || c == 'U') {
-            c = *(++tok);
-        }
-    }
-
-    if (e != NULL) {
-       *e = tok;
-    }
-    errno = 0;
-    return (sign * number);
-}
+   char *tok = (char *) s;
+   char *digits_start;
+   char c;
+   int64_t number = 0;
+   int64_t sign = 1;
+   int64_t cutoff;
+   int64_t cutlim;
+
+   errno = 0;
+
+   if (!s) {
+      errno = EINVAL;
+      return 0;
+   }
+
+   c = *tok;
+
+   while (isspace (c)) {
+      c = *++tok;
+   }
+
+   if (c == '-') {
+      sign = -1;
+      c = *++tok;
+   } else if (c == '+') {
+      c = *++tok;
+   } else if (!isdigit (c)) {
+      errno = EINVAL;
+      return 0;
+   }
+
+   /* from here down, inspired by NetBSD's strtoll */
+   if ((base == 0 || base == 16) && c == '0' &&
+       (tok[1] == 'x' || tok[1] == 'X')) {
+      tok += 2;
+      c = *tok;
+      base = 16;
+   }
+
+   if (base == 0) {
+      base = c == '0' ? 8 : 10;
+   }
+
+   /* Cutoff is the greatest magnitude we'll be able to multiply by base without
+    * range error. If the current number is past cutoff and we see valid digit,
+    * fail. If the number is *equal* to cutoff, then the next digit must be less
+    * than cutlim, otherwise fail.
+    */
+   cutoff = sign == -1 ? LLONG_MIN : LLONG_MAX;
+   cutlim = (int) (cutoff % base);
+   cutoff /= base;
+   if (sign == -1) {
+      if (cutlim > 0) {
+         cutlim -= base;
+         cutoff += 1;
+      }
+      cutlim = -cutlim;
+   }
 
+   digits_start = tok;
+
+   while ((c = *tok)) {
+      if (isdigit (c)) {
+         c -= '0';
+      } else if (isalpha (c)) {
+         c -= isupper (c) ? 'A' - 10 : 'a' - 10;
+      } else {
+         /* end of number string */
+         break;
+      }
+
+      if (c >= base) {
+         break;
+      }
+
+      if (sign == -1) {
+         if (number < cutoff || (number == cutoff && c > cutlim)) {
+            number = LLONG_MIN;
+            errno = ERANGE;
+            break;
+         } else {
+            number *= base;
+            number -= c;
+         }
+      } else {
+         if (number > cutoff || (number == cutoff && c > cutlim)) {
+            number = LLONG_MAX;
+            errno = ERANGE;
+            break;
+         } else {
+            number *= base;
+            number += c;
+         }
+      }
+
+      tok++;
+   }
+
+   /* did we parse any digits at all? */
+   if (e != NULL && tok > digits_start) {
+      *e = tok;
+   }
+
+   return number;
+}
diff --git a/tests/test-string.c b/tests/test-string.c
@@ -192,69 +192,87 @@ typedef struct
    const char *str;
    int         base;
    int64_t     rv;
+   const char *remaining;
    int         _errno;
 } strtoll_test;
 
 
 static void
 test_bson_ascii_strtoll (void)
 {
+#ifdef END
+#undef END
+#endif
+#define END ""
    int64_t rv;
    int i;
+   char *endptr;
    strtoll_test tests[] = {
-      /* input, base, expected output, expected errno */
-      { "1", 10, 1, 0 },
-      { "+1", 10, 1, 0 },
-      { "-1", 10, -1, 0 },
-      { "0", 10, 0, 0 },
-      { "0 ", 10, 0, 0 },
-      { " 0 ", 10, 0, 0 },
-      { " 0", 10, 0, 0 },
-      { " 0\"", 10, 0, 0 },
-      { "0l", 10, 0, 0 },
-      { "0l ", 10, 0, 0 },
-      { "0u", 10, 0, 0 },
-      { "0u ", 10, 0, 0 },
-      { "0L", 10, 0, 0 },
-      { "0L ", 10, 0, 0 },
-      { "0U", 10, 0, 0 },
-      { "0U ", 10, 0, 0 },
-      { "-0", 10, 0, 0 },
-      { "+0", 10, 0, 0 },
-      { "010", 8, 8, 0 },
-      { "08", 8, 0, EINVAL },
-      { "010", 10, 10, 0 },
-      { "010", 8, 8, 0 },
-      { "010", 0, 8, 0 },  
-      { "68719476736", 10, 68719476736, 0 },
-      { "-68719476736", 10, -68719476736, 0 },
-      { "+68719476736", 10, 68719476736, 0 },
-      { "   68719476736  ", 10, 68719476736, 0 },
-      { "   -68719476736  ", 10, -68719476736, 0 },
-      { "   4611686018427387904LL", 10, 4611686018427387904LL, 0 },
-      { " -4611686018427387904LL ", 10, -4611686018427387904LL, 0 },
-      { "0x1000000000", 16, 68719476736, 0 },
-      { "0x1000000000", 0, 68719476736, 0 },
-      { "-0x1000000000", 16, -68719476736, 0 },
-      { "+0x1000000000", 16, 68719476736, 0 },
-      { "01234", 8, 668, 0 },
-      { "-01234", 8, -668, 0 },
-      { "+01234", 8, 668, 0 },
+      /* input, base, expected output, # of chars parsed, expected errno */
+      { "1", 10, 1, END, 0 },
+      { "+1", 10, 1, END, 0 },
+      { "-1", 10, -1, END, 0 },
+      { "0", 10, 0, END, 0 },
+      { "0 ", 10, 0, " ", 0 },
+      { " 0 ", 10, 0, " ", 0 },
+      { " 0", 10, 0, END, 0 },
+      { " 0\"", 10, 0, "\"", 0 },
+      { "0l", 10, 0, "l", 0 },
+      { "0l ", 10, 0, "l ", 0 },
+      { "0u", 10, 0, "u", 0 },
+      { "0u ", 10, 0, "u ", 0 },
+      { "0L", 10, 0, "L", 0 },
+      { "0L ", 10, 0, "L ", 0 },
+      { "0U", 10, 0, "U", 0 },
+      { "0U ", 10, 0, "U ", 0 },
+      { "-0", 10, 0, END, 0 },
+      { "+0", 10, 0, END, 0 },
+      { "010", 8, 8, END, 0 },
+      /* stroll "takes as many characters as possible to form a valid base-n
+       * integer", so it ignores "8" and returns 0 */
+      { "08", 0, 0, "8", 0 },
+      { "010", 10, 10, END, 0 },
+      { "010", 8, 8, END, 0 },
+      { "010", 0, 8, END, 0 },
+      { "68719476736", 10, 68719476736, END, 0 },
+      { "-68719476736", 10, -68719476736, END, 0 },
+      { "+68719476736", 10, 68719476736, END, 0 },
+      { "   68719476736  ", 10, 68719476736, "  ", 0 },
+      { "   68719476736  ", 0, 68719476736, "  ", 0 },
+      { "   -68719476736  ", 10, -68719476736, "  ", 0 },
+      { "   -68719476736  ", 0, -68719476736, "  ", 0 },
+      { "   4611686018427387904LL", 10, 4611686018427387904LL, "LL", 0 },
+      { " -4611686018427387904LL ", 10, -4611686018427387904LL, "LL ", 0 },
+      { "0x1000000000", 16, 68719476736, END, 0 },
+      { "0x1000000000", 0, 68719476736, END, 0 },
+      { "-0x1000000000", 16, -68719476736, END, 0 },
+      { "-0x1000000000", 0, -68719476736, END, 0 },
+      { "+0x1000000000", 16, 68719476736, END, 0 },
+      { "+0x1000000000", 0, 68719476736, END, 0 },
+      { "01234", 8, 668, END, 0 },
+      { "01234", 0, 668, END, 0 },
+      { "-01234", 8, -668, END, 0 },
+      { "-01234", 0, -668, END, 0 },
+      { "+01234", 8, 668, END, 0 },
+      { "+01234", 0, 668, END, 0 },
+      { "9223372036854775807", 10, LLONG_MAX, END, 0},
+      { "-9223372036854775808", 10, LLONG_MIN, END, 0},
+      { "9223372036854775808", 10, LLONG_MAX, "8", ERANGE},  /* LLONG_MAX+1   */
+      { "-9223372036854775809", 10, LLONG_MIN, "9", ERANGE}, /* LLONG_MIN-1   */
+      { "18446744073709551615", 10, LLONG_MAX, "5", ERANGE}, /* 2*LLONG_MAX+1 */
+      { "-18446744073709551618", 10, LLONG_MIN, "8", ERANGE},/* 2*LLONG_MIN-1 */
       { NULL }
    };
 
    for (i = 0; tests [i].str; i++) {
       errno = 0;
 
-      rv = bson_ascii_strtoll (tests [i].str, NULL, tests [i].base);
-
-#if 0
-      fprintf (stderr, "rv=%"PRId64" errno=%d\n", rv, errno);
-#endif
-
+      rv = bson_ascii_strtoll (tests [i].str, &endptr, tests [i].base);
       assert_cmpint (rv, ==, tests [i].rv);
       assert_cmpint (errno, ==, tests [i]._errno);
+      assert_cmpstr (endptr, tests [i].remaining);
    }
+#undef END
 }
 
 
