config-parser: Catch negative numbers assigned to unsigned config values

strtoul() has a side effect that when given a string representing a
negative number, it returns a negated version as the value, and does not
flag an error.  IOW, strtoul("-42", &val) sets val to 42.  This could
potentially result in unintended surprise behaviors, such as if one were
to inadvertantly set a config param to -1 expecting that to disable it,
but with the result of setting the param to 1 instead.

Catch this by using strtol() and then manually check for the negative
value.  This logic is modelled after Wayland's strtouint().

Note that this change unfortunately reduces the range of parseable
numbers from [0,UINT_MAX] to [0,INT_MAX].  The current users of
weston_config_section_get_uint() are anticipating numbers far smaller
than either of these limits, so the change is believed to have no impact
in practice.

Also add a test case for negative numbers that catches this error
condition.

Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>

1 files changed, 11 insertions, 1 deletions

diff --git a/shared/config-parser.c b/shared/config-parser.c
index 151ae9ca..247e8801 100644
--- a/shared/config-parser.c
+++ b/shared/config-parser.c
@@ -186,6 +186,7 @@ weston_config_section_get_uint(struct weston_config_section *section,
 			       const char *key,
 			       uint32_t *value, uint32_t default_value)
 {
+	long int ret;
 	struct weston_config_entry *entry;
 	char *end;
 
@@ -197,13 +198,22 @@ weston_config_section_get_uint(struct weston_config_section *section,
 	}
 
 	errno = 0;
-	*value = strtoul(entry->value, &end, 0);
+	ret = strtol(entry->value, &end, 0);
 	if (errno != 0 || end == entry->value || *end != '\0') {
 		*value = default_value;
 		errno = EINVAL;
 		return -1;
 	}
 
+	/* check range */
+	if (ret < 0 || ret > INT_MAX) {
+		*value = default_value;
+		errno = ERANGE;
+		return -1;
+	}
+
+	*value = ret;
+
 	return 0;
 }