[PATCH] tools/sched_ext: fix strtoul() misuse in scx_hotplug_seq()

David Carlier posted 1 patch 1 month, 2 weeks ago
tools/sched_ext/include/scx/compat.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
[PATCH] tools/sched_ext: fix strtoul() misuse in scx_hotplug_seq()
Posted by David Carlier 1 month, 2 weeks ago
scx_hotplug_seq() uses strtoul() but validates the result with a
negative check (val < 0), which can never be true for an unsigned
return value.

Use the endptr mechanism to verify the entire string was consumed,
and check errno == ERANGE for overflow detection.

Signed-off-by: David Carlier <devnexen@gmail.com>
---
 tools/sched_ext/include/scx/compat.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/sched_ext/include/scx/compat.h b/tools/sched_ext/include/scx/compat.h
index 8b4897fc8b99..edccc99c7294 100644
--- a/tools/sched_ext/include/scx/compat.h
+++ b/tools/sched_ext/include/scx/compat.h
@@ -125,6 +125,7 @@ static inline long scx_hotplug_seq(void)
 {
 	int fd;
 	char buf[32];
+	char *endptr;
 	ssize_t len;
 	long val;
 
@@ -137,8 +138,10 @@ static inline long scx_hotplug_seq(void)
 	buf[len] = 0;
 	close(fd);
 
-	val = strtoul(buf, NULL, 10);
-	SCX_BUG_ON(val < 0, "invalid num hotplug events: %lu", val);
+	errno = 0;
+	val = strtoul(buf, &endptr, 10);
+	SCX_BUG_ON(errno == ERANGE || endptr == buf ||
+		   (*endptr != '\n' && *endptr != '\0'), "invalid num hotplug events: %ld", val);
 
 	return val;
 }
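Review bot: The rewritten SCX_BUG_ON() condition drops the `val < 0` test while `val` is still declared `long`, so a negative return value is no longer caught. strtoul() skips leading whitespace and accepts a leading '-', negating the result without setting ERANGE, and any parsed value above LONG_MAX does not fit in `val` and typically wraps negative when assigned. Both cases pass the errno and endptr checks. Either parse with strtol() and keep `val < 0` in the condition, or add `|| val < 0` to the new check. On failure the message prints only `val`, which is 0 when no digits were consumed, so printing `buf` as well would show what was actually read.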
-- 
2.51.0
Re: [PATCH] tools/sched_ext: fix strtoul() misuse in scx_hotplug_seq()
Posted by Tejun Heo 1 month, 2 weeks ago
Applied to sched_ext/for-7.0-fixes.

Thanks.

--
tejun