You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/04/02 13:48:02 UTC
[Bug 52832] numerical configuration entry can be mistakenly
interpreted without users' awareness
https://issues.apache.org/bugzilla/show_bug.cgi?id=52832
--- Comment #3 from Olaf van der Spek <Ol...@GMail.Com> ---
(In reply to Tianyin Xu from comment #2)
> Being fed with a overflowed number, atoi() will return a random number.
>
> for example, on my machine, ind b = atoi(10000000000), b will be 1410065408.
Actually it's worse: "If the value cannot be represented, the behavior is
undefined."
http://pubs.opengroup.org/onlinepubs/009695399/functions/atoi.html
Code using strtol often fails to check for ERANGE too.
IMO the best solution would be to introduce a better strtol wrapper that
returns an int/error on invalid input.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org