Re: [patch] atoi.3: Document return value on under/overflow as undefined

[Alejandro Colomar <alx@kernel.org>]

[-- Attachment #1: Type: text/plain, Size: 2569 bytes --]

Hi Thomas,

On Sun, Dec 10, 2023 at 02:25:20PM -0800, Thomas Habets wrote:
> On Sun, 10 Dec 2023 20:35:15 +0000, Alejandro Colomar <alx@kernel.org> said:
> > For extra fun, you could have quoted this together :)
> >
> > ```
> >      except that atoi() does not detect errors.
> > ```
> 
> Yeah, which of course makes no sense no matter if over/underflow is
> supposed to be considered an "error".
> 
> > However, maybe we should instead try to fix glibc to do the right thing.
> >
> > 	int
> > 	atoi(const char *nptr)
> > 	{
> > 		int   i, err;
> >
> > 		i = strtoi(nptr, NULL, 10, INT_MIN, INT_MAX, &err);
> > 		if (err)
> > 			errno = err;
> > 		return i;
> > 	}
> >
> > This is compatible with ISO C, since it behaves like
> >
> > 	(int) strtol(nptr, NULL, 10);
> >
> > "Except for the behavior on error", in which this atoi(3) implementation
> > sets errno, but nothing forbids that (ISO C only says "need not affect
> > the value of the integer expression errno on an error", which allows
> > affecting errno).  POSIX also allows this implementation: "except that
> > the handling of errors may differ".
> 
> If we don't change the manpage, then it should return 0 on error, not
> the clamped value. Unless you mean that the manpage should be changed
> to say it'll return the clamped value?

Yes, if the implementation is changed for good, I'd also change the
manual page.

> 
> Portable code won't be able to rely on errno anyway, so might as well
> not set it, in my opinion.
> 
> But at least this implementation won't trigger UB for any input.

Yeah, I'm thinking in 50 years from now, assuming all implementations
have good intentions and don't want to break programs just because the
standard says they can.  Hopefully atoi(3) could be usable in half a
century; if the planet is still there.

BTW, regarding your blog post about strtoul(3), I don't think it's so
hard to parse unsigned integers.  I couldn't reply to your blong without
logging in, but replied to the linked SO post:
<https://softwareengineering.stackexchange.com/a/449060/332848>

Have a lovely night,
Alex

> 
> --
> typedef struct me_s {
>   char name[]      = { "Thomas Habets" };
>   char email[]     = { "thomas@habets.se" };
>   char kernel[]    = { "Linux" };
>   char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt" };
>   char pgp[] = { "9907 8698 8A24 F52F 1C2E  87F6 39A4 9EEA 460A 0169" };
>   char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
> } me_t;

-- 
<https://www.alejandro-colomar.es/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]