2011-10-27 10:42:56

by Dmitriy Paliy

Subject: [PATCH BlueZ] Fix incorrect use of atoi in maemo6

Use of atoi is incorrect and unsafe in maemo6 telephony and replaced
by g_ascii_digit_value.
---
audio/telephony-maemo6.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/audio/telephony-maemo6.c b/audio/telephony-maemo6.c
index 5df3235..a546f44 100644
--- a/audio/telephony-maemo6.c
+++ b/audio/telephony-maemo6.c
@@ -823,7 +823,9 @@ static int tonegen_startevent(char tone)
event_tone = DTMF_D;
break;
default:
- event_tone = atoi(&tone);
+ event_tone = g_ascii_digit_value(tone);
+ if (event_tone < 0)
+ return -EINVAL;
}

ret = send_method_call(TONEGEN_BUS_NAME, TONEGEN_PATH,
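Review bot: the `if (event_tone < 0)` test in the default branch only works if event_tone is a signed type, and its declaration lies outside this hunk. If it is unsigned, the -1 that g_ascii_digit_value() returns for a non-digit is converted to a large positive value, the test never fires, and the function carries on to send_method_call() instead of returning -EINVAL. Assign the result to a local signed int first, test that, and only then store it in event_tone. The commit message should also say why atoi(&tone) was wrong: tone is a single char parameter, not a NUL-terminated string.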
--
1.7.4.1



2011-10-28 11:00:19

by Johan Hedberg

Subject: Re: [PATCH BlueZ] Fix incorrect use of atoi in maemo6

Hi Dmitriy,

On Thu, Oct 27, 2011, Dmitriy Paliy wrote:
> Use of atoi is incorrect and unsafe in maemo6 telephony and replaced
> by g_ascii_digit_value.
> ---
> audio/telephony-maemo6.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/audio/telephony-maemo6.c b/audio/telephony-maemo6.c
> index 5df3235..a546f44 100644
> --- a/audio/telephony-maemo6.c
> +++ b/audio/telephony-maemo6.c
> @@ -823,7 +823,9 @@ static int tonegen_startevent(char tone)
> event_tone = DTMF_D;
> break;
> default:
> - event_tone = atoi(&tone);
> + event_tone = g_ascii_digit_value(tone);
> + if (event_tone < 0)
> + return -EINVAL;
> }
>
> ret = send_method_call(TONEGEN_BUS_NAME, TONEGEN_PATH,

Doesn't compile:

audio/telephony-maemo6.c: In function ‘tonegen_startevent’:
audio/telephony-maemo6.c:827:3: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]


Please fix and resend.

Johan

2011-10-27 13:33:37

by Dmitriy Paliy

Subject: Re: [PATCH BlueZ] Fix incorrect use of atoi in maemo6

Hi,

> There are lots of atoi() calls in other parts of BlueZ. Are they safe?

Yes

> What exactly is unsafe in using atoi()?

The string should be null-terminated, which it is not in this case, since
it is just a char. It was my mistake.

Br,
Dmitriy
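
The two points raised in this thread, shown together as an added example that is not part of the thread or of the BlueZ source: a single-character digit conversion that needs no NUL terminator (unlike atoi(&tone)), with the error check done in a signed temporary before the value reaches an unsigned variable. digit_value(), store_unchecked() and tone_to_event() are hypothetical names; digit_value() mirrors the contract of g_ascii_digit_value() so the example builds without GLib.

```c
#include <errno.h>
#include <limits.h>

/* Same contract as GLib's g_ascii_digit_value(): 0..9 for '0'..'9', else -1.
 * It looks at exactly one byte, so no NUL terminator is required. */
static int digit_value(char c)
{
	return (c >= '0' && c <= '9') ? c - '0' : -1;
}

/* What happens when the result goes straight into an unsigned variable:
 * the -1 error marker wraps to UINT_MAX, so a later "< 0" test can never
 * fire (the -Wtype-limits error quoted in the thread). */
static unsigned int store_unchecked(char tone)
{
	unsigned int event_tone = (unsigned int) digit_value(tone);

	return event_tone;
}

/* Hardened shape: validate in a signed temporary, then assign.
 * Returns 0 on success, -EINVAL for a non-digit; *event_tone is only
 * written on success. */
static int tone_to_event(char tone, unsigned int *event_tone)
{
	int value = digit_value(tone);

	if (value < 0)
		return -EINVAL;

	*event_tone = (unsigned int) value;
	return 0;
}

int main(void)
{
	unsigned int ev = 0;

	/* Constructed inputs: one valid DTMF digit, one invalid character. */
	if (tone_to_event('7', &ev) != 0 || ev != 7)
		return 1;
	if (tone_to_event('x', &ev) != -EINVAL)
		return 1;
	return store_unchecked('x') == UINT_MAX ? 0 : 1;
}
```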

2011-10-27 13:22:45

by Anderson Lizardo

Subject: Re: [PATCH BlueZ] Fix incorrect use of atoi in maemo6

Hi Dmitriy,

On Thu, Oct 27, 2011 at 6:42 AM, Dmitriy Paliy wrote:
> Use of atoi is incorrect and unsafe in maemo6 telephony and replaced
> by g_ascii_digit_value.

There are lots of atoi() calls in other parts of BlueZ. Are they safe?
What exactly is unsafe in using atoi()?

Regards,
--
Anderson Lizardo
Instituto Nokia de Tecnologia - INdT
Manaus - Brazil