Zcash: strtol[l] and atoi[64] have undefined behaviour on invalid input, and are locale-dependent

Created on 8 Feb 2017  路  4Comments  路  Source: zcash/zcash

We use these in contexts that should only accept ASCII digits, e.g. https://github.com/zcash/zcash/pull/1990#discussion_r99040894 . However,

"In other than the C or POSIX locales, other implementation-defined subject sequences may be accepted."

http://pubs.opengroup.org/onlinepubs/009695399/functions/strtol.html

C-bug Death By A Thousand Cuts E-good-first-issue I-SECURITY I-error-handling M-has-pr PR_cleanup S-fix-someday spring_cleaning
Source
picture daira

All 4 comments

https://github.com/zcash/zcash/commit/a8c22cc4d1e3c55d2b2f16a72fe4130be54baaa4 is relevant but does not fix the cases mentioned in this ticket.

daira picture daira on 10 Feb 2017

Not only is it locale-dependent, it is undefined behaviour if the input is out-of-range :-( :-( :-(

daira picture daira on 28 Mar 2018

Daira, what would be the right way to fix this? Implement our own super-simple versions of these functions, so that the behaviour is obvious and well-defined (even if less feature-rich)? If so, it seems that src/utilstrencodings.cpp may be a good place for these new functions.

There are about 40 calls in all of src/ to atoi[64] or strtol[l] so this does not seem too difficult to update them all to new functions.

If it makes sense for me to work on this, please assign to me.

LarryRuane picture LarryRuane on 7 Aug 2018
👍1

Please check whether upstream Bitcoin has changed this first.

daira picture daira on 12 Aug 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

daira picture daira  路  3Comments
str4d picture str4d  路  4Comments
ageis picture ageis  路  3Comments
jonathancross picture jonathancross  路  4Comments
daira picture daira  路  4Comments