Reject invalid signed integers (rpm buildorder)

ppisar · ppisar · commit 7c0158bcec05 · 2021-07-08T15:08:39.000+02:00
A parser was accepting string values like "42foo" while
a specification required an integer. Invalid values are rejected now.
/data/components/rpm/*/buildorder fileds in modulemd documents is one
of places.
diff --git a/modulemd/modulemd-yaml-util.c b/modulemd/modulemd-yaml-util.c
@@ -426,6 +426,8 @@ modulemd_yaml_parse_bool (yaml_parser_t *parser, GError **error)
 gint64
 modulemd_yaml_parse_int64 (yaml_parser_t *parser, GError **error)
 {
+  gint64 value;
+  gchar *endptr;
   MMD_INIT_YAML_EVENT (event);
 
   YAML_PARSER_PARSE_WITH_EXIT_INT (parser, &event, error);
@@ -434,7 +436,53 @@ modulemd_yaml_parse_int64 (yaml_parser_t *parser, GError **error)
       MMD_YAML_ERROR_EVENT_EXIT_INT (error, event, "String was not a scalar");
     }
 
-  return g_ascii_strtoll ((const gchar *)event.data.scalar.value, NULL, 10);
+  value =
+    g_ascii_strtoll ((const gchar *)event.data.scalar.value, &endptr, 10);
+
+  if ((value == G_MAXINT64 && errno == ERANGE))
+    {
+      g_set_error (error,
+                   MODULEMD_YAML_ERROR,
+                   MODULEMD_ERROR_VALIDATE,
+                   "%s: The integer value is larger than %" G_GINT64_FORMAT,
+                   (const gchar *)event.data.scalar.value,
+                   G_MAXINT64);
+      return 0;
+    }
+
+  if ((value == G_MININT64 && errno == ERANGE))
+    {
+      g_set_error (error,
+                   MODULEMD_YAML_ERROR,
+                   MODULEMD_ERROR_VALIDATE,
+                   "%s: The integer value is samller than %" G_GINT64_FORMAT,
+                   (const gchar *)event.data.scalar.value,
+                   G_MININT64);
+      return 0;
+    }
+
+  if (value == 0 && errno == EINVAL)
+    {
+      g_set_error_literal (
+        error,
+        MODULEMD_YAML_ERROR,
+        MODULEMD_ERROR_NOT_IMPLEMENTED,
+        "Your GLib library does not support parsing integers in 10 base");
+      return 0;
+    }
+
+  if ((value == 0 && endptr == (gchar *)event.data.scalar.value) ||
+      *endptr != '\0')
+    {
+      g_set_error (error,
+                   MODULEMD_YAML_ERROR,
+                   MMD_ERROR_VALIDATE,
+                   "%s: The string is not a valid integer",
+                   (const gchar *)event.data.scalar.value);
+      return 0;
+    }
+
+  return value;
 }
 
 
diff --git a/modulemd/tests/test-modulemd-parse_int64.c b/modulemd/tests/test-modulemd-parse_int64.c
@@ -19,6 +19,62 @@
 #include "private/test-utils.h"
 #include <yaml.h>
 
+static void
+test (const char *input, gint64 expected_value, gboolean expected_error)
+{
+  gint64 parsed;
+  g_autoptr (GError) error = NULL;
+  MMD_INIT_YAML_EVENT (event);
+  MMD_INIT_YAML_PARSER (parser);
+
+  yaml_parser_set_input_string (
+    &parser, (const unsigned char *)input, strlen (input));
+  parser_skip_document_start (&parser);
+
+  parsed = modulemd_yaml_parse_int64 (&parser, &error);
+  if (expected_error)
+    g_assert_nonnull (error);
+  else
+    g_assert_null (error);
+  g_assert_cmpuint (parsed, ==, expected_value);
+}
+
+static void
+test_int64_valid (void)
+{
+  test ("42", 42, FALSE);
+}
+
+static void
+test_int64_invalid_no_digit (void)
+{
+  test ("foo", 0, TRUE);
+}
+
+static void
+test_int64_invalid_incomplete (void)
+{
+  test ("42foo", 0, TRUE);
+}
+
+static void
+test_int64_valid_negative (void)
+{
+  test ("-42", -42, FALSE);
+}
+
+static void
+test_int64_invalid_too_big (void)
+{
+  test ("9223372036854775808", 0, TRUE);
+}
+
+static void
+test_int64_invalid_too_small (void)
+{
+  test ("-9223372036854775809", 0, TRUE);
+}
+
 static void
 utest (const char *input, guint64 expected_value, gboolean expected_error)
 {
@@ -76,6 +132,18 @@ main (int argc, char *argv[])
   setlocale (LC_ALL, "");
   g_test_init (&argc, &argv, NULL);
 
+  g_test_add_func ("/modulemd/v2/int64/yaml/parse/valid", test_int64_valid);
+  g_test_add_func ("/modulemd/v2/int64/yaml/parse/invalid_no_digit",
+                   test_int64_invalid_no_digit);
+  g_test_add_func ("/modulemd/v2/int64/yaml/parse/invalid_incomplete",
+                   test_int64_invalid_incomplete);
+  g_test_add_func ("/modulemd/v2/int64/yaml/parse/valid_negative",
+                   test_int64_valid_negative);
+  g_test_add_func ("/modulemd/v2/int64/yaml/parse/invalid_too_big",
+                   test_int64_invalid_too_big);
+  g_test_add_func ("/modulemd/v2/int64/yaml/parse/invalid_too_small",
+                   test_int64_invalid_too_small);
+
   g_test_add_func ("/modulemd/v2/uint64/yaml/parse/valid", test_uint64_valid);
   g_test_add_func ("/modulemd/v2/uint64/yaml/parse/invalid_no_digit",
                    test_uint64_invalid_no_digit);
