From: Wander Lairson Costa <wander@redhat.com>
To: Steven Rostedt <rostedt@goodmis.org>,
Tomas Glozar <tglozar@redhat.com>,
Wander Lairson Costa <wander@redhat.com>,
Ivan Pravdin <ipravdin.official@gmail.com>,
Crystal Wood <crwood@redhat.com>,
Costa Shulyupin <costa.shul@redhat.com>,
John Kacur <jkacur@redhat.com>,
Tiezhu Yang <yangtiezhu@loongson.cn>,
linux-trace-kernel@vger.kernel.org (open list:Real-time Linux
Analysis (RTLA) tools),
linux-kernel@vger.kernel.org (open list:Real-time Linux Analysis
(RTLA) tools),
bpf@vger.kernel.org (open list:BPF
[MISC]:Keyword:(?:\b|_)bpf(?:\b|_))
Subject: [PATCH v2 04/18] rtla: Replace atoi() with a robust strtoi()
Date: Tue, 6 Jan 2026 08:49:40 -0300 [thread overview]
Message-ID: <20260106133655.249887-5-wander@redhat.com> (raw)
In-Reply-To: <20260106133655.249887-1-wander@redhat.com>
The atoi() function does not perform error checking, which can lead to
undefined behavior when parsing invalid or out-of-range strings. This
can cause issues when parsing user-provided numerical inputs, such as
signal numbers, PIDs, or CPU lists.
To address this, introduce a new strtoi() helper function that safely
converts a string to an integer. This function validates the input and
checks for overflows, returning a negative value on failure.
Replace all calls to atoi() with the new strtoi() function and add
proper error handling to make the parsing more robust and prevent
potential issues.
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
---
tools/tracing/rtla/src/actions.c | 7 +++---
tools/tracing/rtla/src/utils.c | 40 ++++++++++++++++++++++++++++----
tools/tracing/rtla/src/utils.h | 2 ++
3 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/tools/tracing/rtla/src/actions.c b/tools/tracing/rtla/src/actions.c
index a4d0dc47e6aa1..e933c2c68b208 100644
--- a/tools/tracing/rtla/src/actions.c
+++ b/tools/tracing/rtla/src/actions.c
@@ -170,12 +170,13 @@ actions_parse(struct actions *self, const char *trigger, const char *tracefn)
/* Takes two arguments, num (signal) and pid */
while (token != NULL) {
if (strlen(token) > 4 && strncmp(token, "num=", 4) == 0) {
- signal = atoi(token + 4);
+ if (strtoi(token + 4, &signal))
+ return -1;
} else if (strlen(token) > 4 && strncmp(token, "pid=", 4) == 0) {
if (strncmp(token + 4, "parent", 7) == 0)
pid = -1;
- else
- pid = atoi(token + 4);
+ else if (strtoi(token + 4, &pid))
+ return -1;
} else {
/* Invalid argument */
return -1;
diff --git a/tools/tracing/rtla/src/utils.c b/tools/tracing/rtla/src/utils.c
index acf95afa25b5a..f3e129d17a82b 100644
--- a/tools/tracing/rtla/src/utils.c
+++ b/tools/tracing/rtla/src/utils.c
@@ -17,6 +17,7 @@
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
+#include <limits.h>
#include "utils.h"
@@ -127,16 +128,18 @@ int parse_cpu_set(char *cpu_list, cpu_set_t *set)
nr_cpus = sysconf(_SC_NPROCESSORS_CONF);
for (p = cpu_list; *p; ) {
- cpu = atoi(p);
- if (cpu < 0 || (!cpu && *p != '0') || cpu >= nr_cpus)
+ if (strtoi(p, &cpu))
+ goto err;
+ if (cpu < 0 || cpu >= nr_cpus)
goto err;
while (isdigit(*p))
p++;
if (*p == '-') {
p++;
- end_cpu = atoi(p);
- if (end_cpu < cpu || (!end_cpu && *p != '0') || end_cpu >= nr_cpus)
+ if (strtoi(p, &end_cpu))
+ goto err;
+ if (end_cpu < cpu || end_cpu >= nr_cpus)
goto err;
while (isdigit(*p))
p++;
@@ -337,6 +340,7 @@ int set_comm_sched_attr(const char *comm_prefix, struct sched_attr *attr)
struct dirent *proc_entry;
DIR *procfs;
int retval;
+ int pid;
if (strlen(comm_prefix) >= MAX_PATH) {
err_msg("Command prefix is too long: %d < strlen(%s)\n",
@@ -356,8 +360,12 @@ int set_comm_sched_attr(const char *comm_prefix, struct sched_attr *attr)
if (!retval)
continue;
+ if (strtoi(proc_entry->d_name, &pid)) {
+ err_msg("'%s' is not a valid pid", proc_entry->d_name);
+ goto out_err;
+ }
/* procfs_is_workload_pid confirmed it is a pid */
- retval = __set_sched_attr(atoi(proc_entry->d_name), attr);
+ retval = __set_sched_attr(pid, attr);
if (retval) {
err_msg("Error setting sched attributes for pid:%s\n", proc_entry->d_name);
goto out_err;
@@ -1035,3 +1043,25 @@ char *strdup_fatal(const char *s)
return p;
}
+
+/*
+ * strtoi - convert string to integer with error checking
+ *
+ * Returns 0 on success, -1 if conversion fails or result is out of int range.
+ */
+int strtoi(const char *s, int *res)
+{
+ char *end_ptr;
+ long lres;
+
+ if (!*s)
+ return -1;
+
+ errno = 0;
+ lres = strtol(s, &end_ptr, 0);
+ if (errno || *end_ptr || lres > INT_MAX || lres < INT_MIN)
+ return -1;
+
+ *res = (int) lres;
+ return 0;
+}
diff --git a/tools/tracing/rtla/src/utils.h b/tools/tracing/rtla/src/utils.h
index 0ed2c7275f2c5..efbf798650306 100644
--- a/tools/tracing/rtla/src/utils.h
+++ b/tools/tracing/rtla/src/utils.h
@@ -3,6 +3,7 @@
#include <stdint.h>
#include <time.h>
#include <sched.h>
+#include <stdbool.h>
/*
* '18446744073709551615\0'
@@ -85,6 +86,7 @@ static inline int set_deepest_cpu_idle_state(unsigned int cpu, unsigned int stat
static inline int have_libcpupower_support(void) { return 0; }
#endif /* HAVE_LIBCPUPOWER_SUPPORT */
int auto_house_keeping(cpu_set_t *monitored_cpus);
+__attribute__((__warn_unused_result__)) int strtoi(const char *s, int *res);
#define ns_to_usf(x) (((double)x/1000))
#define ns_to_per(total, part) ((part * 100) / (double)total)
--
2.52.0
next prev parent reply other threads:[~2026-01-06 13:40 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 11:49 [PATCH v2 00/18] rtla: Code quality and robustness improvements Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 01/18] rtla: Exit on memory allocation failures during initialization Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 02/18] rtla: Use strdup() to simplify code Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 03/18] rtla: Introduce for_each_action() helper Wander Lairson Costa
2026-01-06 11:49 ` Wander Lairson Costa [this message]
2026-01-12 12:27 ` [PATCH v2 04/18] rtla: Replace atoi() with a robust strtoi() Costa Shulyupin
2026-01-12 12:39 ` Tomas Glozar
2026-01-06 11:49 ` [PATCH v2 05/18] rtla: Simplify argument parsing Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 06/18] rtla: Use strncmp_static() in more places Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 07/18] rtla: Introduce common_restart() helper Wander Lairson Costa
2026-01-07 12:03 ` Tomas Glozar
2026-01-07 12:43 ` Wander Lairson Costa
2026-01-07 13:47 ` Tomas Glozar
2026-01-07 13:50 ` Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 08/18] rtla: Use standard exit codes for result enum Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 09/18] rtla: Remove redundant memset after calloc Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 10/18] rtla: Replace magic number with MAX_PATH Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 11/18] rtla: Remove unused headers Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 12/18] rtla: Fix NULL pointer dereference in actions_parse Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 13/18] rtla: Fix buffer size for strncpy in timerlat_aa Wander Lairson Costa
2026-01-06 16:03 ` Steven Rostedt
2026-01-07 13:20 ` Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 14/18] rtla: Add generated output files to gitignore Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 15/18] rtla: Make stop_tracing variable volatile Wander Lairson Costa
2026-01-06 16:05 ` Steven Rostedt
2026-01-06 17:47 ` Crystal Wood
2026-01-07 13:24 ` Wander Lairson Costa
2026-01-07 16:31 ` Steven Rostedt
2026-01-06 11:49 ` [PATCH v2 16/18] rtla: Ensure null termination after read operations in utils.c Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 17/18] rtla: Fix parse_cpu_set() return value documentation Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 18/18] rtla: Simplify code by caching string lengths Wander Lairson Costa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260106133655.249887-5-wander@redhat.com \
--to=wander@redhat.com \
--cc=bpf@vger.kernel.org \
--cc=costa.shul@redhat.com \
--cc=crwood@redhat.com \
--cc=ipravdin.official@gmail.com \
--cc=jkacur@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglozar@redhat.com \
--cc=yangtiezhu@loongson.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox