build: avoid strtol and strtod

Ensure we don't introduce any more lousy integer parsing in new
code, while avoiding a scrub-down of existing legacy code.

Note that we also need to enable sc_prohibit_atoi_atof (see cfg.mk
local-checks-to-skip) before we are bulletproof, but that also
entails scrubbing I'm not ready to do at the moment.

* src/util/util.c (virStrToLong_i, virStrToLong_ui)
(virStrToLong_l, virStrToLong_ul, virStrToLong_ll)
(virStrToLong_ull, virStrToDouble): Mark exemptions.
* src/util/virmacaddr.c (virMacAddrParse): Likewise.
* cfg.mk (sc_prohibit_strtol): New syntax check.
(exclude_file_name_regexp--sc_prohibit_strtol): Ignore files that
I'm not willing to fix yet.
(local-checks-to-skip): Re-enable sc_prohibit_atoi_atof.

diff --git a/cfg.mk b/cfg.mk
index 71e9a1d9014d7568bd727271cdb6877484c3451d..fb4df2fa6f5e1510f96df8fb028fa725ceb7b181 100644 (file)
--- a/cfg.mk
+++ b/cfg.mk
@@ -353,6 +353,17 @@ sc_prohibit_strncmp:
        halt='$(ME): use STREQLEN or STRPREFIX instead of str''ncmp'    \
          $(_sc_search_regexp)
 
+# strtol and friends are too easy to misuse
+sc_prohibit_strtol:
+       @prohibit='\bstrto(u?ll?|[ui]max) *\('                          \
+       exclude='exempt from syntax-check'                              \
+       halt='$(ME): use virStrToLong_*, not strtol variants'           \
+         $(_sc_search_regexp)
+       @prohibit='\bstrto[df] *\('                                     \
+       exclude='exempt from syntax-check'                              \
+       halt='$(ME): use virStrToDouble, not strtod variants'           \
+         $(_sc_search_regexp)
+
 # Use virAsprintf rather than as'printf since *strp is undefined on error.
 sc_prohibit_asprintf:
        @prohibit='\<v?a[s]printf\>'                                    \
@@ -799,6 +810,9 @@ exclude_file_name_regexp--sc_prohibit_sprintf = \
 exclude_file_name_regexp--sc_prohibit_strncpy = \
   ^(src/util/util|tools/virsh)\.c$$
 
+exclude_file_name_regexp--sc_prohibit_strtol = \
+  ^src/(util/sexpr|(vbox|xen|xenxs)/.*)\.c$$
+
 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/xml\.c$$
 
 exclude_file_name_regexp--sc_prohibit_xmlURI = ^src/util/viruri\.c$$

diff --git a/src/util/util.c b/src/util/util.c
index 1b3922797da310d423cefc3a5998c7dc857f3f2c..48358b233ab082593988295159fec180ce5703b8 100644 (file)
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -1497,7 +1497,7 @@ virStrToLong_i(char const *s, char **end_ptr, int base, int *result)
     int err;
 
     errno = 0;
-    val = strtol(s, &p, base);
+    val = strtol(s, &p, base); /* exempt from syntax-check */
     err = (errno || (!end_ptr && *p) || p == s || (int) val != val);
     if (end_ptr)
         *end_ptr = p;
@@ -1516,7 +1516,7 @@ virStrToLong_ui(char const *s, char **end_ptr, int base, unsigned int *result)
     int err;
 
     errno = 0;
-    val = strtoul(s, &p, base);
+    val = strtoul(s, &p, base); /* exempt from syntax-check */
     err = (errno || (!end_ptr && *p) || p == s || (unsigned int) val != val);
     if (end_ptr)
         *end_ptr = p;
@@ -1535,7 +1535,7 @@ virStrToLong_l(char const *s, char **end_ptr, int base, long *result)
     int err;
 
     errno = 0;
-    val = strtol(s, &p, base);
+    val = strtol(s, &p, base); /* exempt from syntax-check */
     err = (errno || (!end_ptr && *p) || p == s);
     if (end_ptr)
         *end_ptr = p;
@@ -1554,7 +1554,7 @@ virStrToLong_ul(char const *s, char **end_ptr, int base, unsigned long *result)
     int err;
 
     errno = 0;
-    val = strtoul(s, &p, base);
+    val = strtoul(s, &p, base); /* exempt from syntax-check */
     err = (errno || (!end_ptr && *p) || p == s);
     if (end_ptr)
         *end_ptr = p;
@@ -1573,7 +1573,7 @@ virStrToLong_ll(char const *s, char **end_ptr, int base, long long *result)
     int err;
 
     errno = 0;
-    val = strtoll(s, &p, base);
+    val = strtoll(s, &p, base); /* exempt from syntax-check */
     err = (errno || (!end_ptr && *p) || p == s);
     if (end_ptr)
         *end_ptr = p;
@@ -1592,7 +1592,7 @@ virStrToLong_ull(char const *s, char **end_ptr, int base, unsigned long long *re
     int err;
 
     errno = 0;
-    val = strtoull(s, &p, base);
+    val = strtoull(s, &p, base); /* exempt from syntax-check */
     err = (errno || (!end_ptr && *p) || p == s);
     if (end_ptr)
         *end_ptr = p;
@@ -1612,7 +1612,7 @@ virStrToDouble(char const *s,
     int err;
 
     errno = 0;
-    val = strtod(s, &p);
+    val = strtod(s, &p); /* exempt from syntax-check */
     err = (errno || (!end_ptr && *p) || p == s);
     if (end_ptr)
         *end_ptr = p;

diff --git a/src/util/virmacaddr.c b/src/util/virmacaddr.c
index beb627462ef494a38caa7f6d625c20af57b89619..6c0fb245d209234fe3c98f6cfd478686fdca26bd 100644 (file)
--- a/src/util/virmacaddr.c
+++ b/src/util/virmacaddr.c
@@ -86,7 +86,7 @@ virMacAddrParse(const char* str, unsigned char *addr)
         if (!c_isxdigit(*str))
             break;
 
-        result = strtoul(str, &end_ptr, 16);
+        result = strtoul(str, &end_ptr, 16); /* exempt from syntax-check */
 
         if ((end_ptr - str) < 1 || 2 < (end_ptr - str) ||
             (errno != 0) ||