atoi provides only the most basic string conversion capabilities,
and makes determining if conversion was successful difficult (both
"abc" and "0" would return 0). We use strtol and checks to ensure
that it converted the entire string sucessfully before returning True.
Signed-off-by: Jason Gerecke <killert...@gmail.com>
---
tools/xsetwacom.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/tools/xsetwacom.c b/tools/xsetwacom.c
index 2a819c7..ee353fa 100644
--- a/tools/xsetwacom.c
+++ b/tools/xsetwacom.c
@@ -24,6 +24,8 @@
#include <wacom-properties.h>
#include "Xwacom.h"
+#include <errno.h>
+#include <limits.h>
#include <stdio.h>
#include <stdarg.h>
#include <ctype.h>
@@ -1450,7 +1452,15 @@ static Bool convert_value_from_user(param_t *param, char
*value, int *return_val
return False;
}
else
- *return_value = atoi(value);
+ {
+ char *end;
+ long conversion = strtol(value, &end, 10);
+ if (end == value || *end != '\0' || errno == ERANGE ||
+ conversion < INT_MIN || conversion > INT_MAX)
+ return False;
+
+ *return_value = (int)conversion;
+ }
return True;
}
--
1.7.1
------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Linuxwacom-devel mailing list
Linuxwacom-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxwacom-devel
