stty: diagnose an invalid hex value in 35-colon commmand-line argument

* NEWS: Mention this. * src/stty.c (strtoul_tcflag_t, strtoul_cc_t): New functions. (recover_mode): Use those functions (not sscanf), to parse the string robustly. * tests/stty/invalid: New file. Test for the above. * tests/stty/Makefile.am (TESTS): Add invalid. * .x-sc_prohibit_atoi_atof: Don't exempt stty.c from this check. Add tests/stty/invalid so we don't have to obfuscate the comment about sscanf therein. * Makefile.maint (sc_prohibit_atoi_atof): Mention sscanf in the diagnostic, too.
2026-04-21 03:12:48 +02:00 · 2007-05-20 14:45:38 +02:00
parent a49f45acbe
commit 02599650b1
7 changed files with 131 additions and 30 deletions
--- a/tests/stty/Makefile.am
+++ b/tests/stty/Makefile.am
@@ -1,5 +1,5 @@
 ## Process this file with automake to produce Makefile.in -*-Makefile-*-.
-TESTS = row-col-1 basic-1
+TESTS = invalid row-col-1 basic-1
 EXTRA_DIST = $(TESTS)
 TESTS_ENVIRONMENT = \
  CU_TEST_NAME=`basename $(abs_srcdir)`,$$tst \
--- a/tests/stty/invalid
+++ b/tests/stty/invalid
@@ -0,0 +1,64 @@
+#!/bin/sh
+# Ensure that stty diagnoses invalid inputs, rather than silently misbehaving.
+
+# Copyright (C) 2007 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+if test "$VERBOSE" = yes; then
+  set -x
+  stty --version
+fi
+
+# Make sure there's a tty on stdin.
+. $srcdir/../input-tty
+
+pwd=`pwd`
+t0=`echo "$0"|sed 's,.*/,,'`.tmp; tmp=$t0/$$
+trap 'status=$?; cd "$pwd" && chmod -R u+rwx $t0 && rm -rf $t0 && exit $status' 0
+trap '(exit $?); exit $?' 1 2 13 15
+
+framework_failure=0
+mkdir -p $tmp || framework_failure=1
+cd $tmp || framework_failure=1
+
+if test $framework_failure = 1; then
+  echo "$0: failure in testing framework" 1>&2
+  (exit 1); exit 1
+fi
+
+fail=0
+
+saved_state=`stty -g` || fail=1
+stty $saved_state || fail=1
+
+# Before coreutils-6.10, if stty were given an argument with 35 colons
+# separating 36 hexadecimal strings, stty would fail to diagnose as invalid
+# any number that was out of range as long as sscanf happened to
+# overflow/wrap it back into the range of the corresponding type (either
+# tcflag_t or cc_t).
+
+# For each of the following, before 6.10, stty would fail to
+# diagnose the error on at least Solaris 10.
+hex_2_64=10000000000000000
+stty `echo $saved_state |sed 's/^[^:]*:/'$hex_2_64:/`     2>/dev/null && fail=1
+stty `echo $saved_state |sed 's/:[0-9a-f]*$/:'$hex_2_64/` 2>/dev/null && fail=1
+
+# Just in case either of the above mistakenly succeeds (and changes
+# the state of our tty), try to restore the initial state.
+stty $saved_state || fail=1
+
+(exit $fail); exit $fail