You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/04/02 13:48:02 UTC

[Bug 52832] numerical configuration entry can be mistakenly interpreted without users' awareness

https://issues.apache.org/bugzilla/show_bug.cgi?id=52832

--- Comment #3 from Olaf van der Spek <Ol...@GMail.Com> ---
(In reply to Tianyin Xu from comment #2)
> Being fed with a overflowed number, atoi() will return a random number.
> 
> for example, on my machine, ind b = atoi(10000000000), b will be 1410065408. 

Actually it's worse: "If the value cannot be represented, the behavior is
undefined."

http://pubs.opengroup.org/onlinepubs/009695399/functions/atoi.html

Code using strtol often fails to check for ERANGE too.
IMO the best solution would be to introduce a better strtol wrapper that
returns an int/error on invalid input.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org