util: tighten safe_atod parsing to only parse 'normal' numbers

We don't have a sensible use case where we want hex to double, or INF to double, or any of that. So check the strings for invalid characters and bail out early. Invalid characters include 'e' and whitespaces too, we don't need those. Small chance of things breaking: if the user-exposed calibration matrix property was specified using hex numbers this will stop working now. I'll take that risk. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2026-01-04 05:00:14 +01:00 · 2018-08-10 10:44:30 +10:00 · 2018-08-10 10:44:30 +10:00 · 19ea63bf23
commit 19ea63bf23
parent c875de4626
2 changed files with 23 additions and 5 deletions
--- a/src/libinput-util.h
+++ b/src/libinput-util.h
@ -28,6 +28,7 @@
 #include "config.h"

 #include <assert.h>
+#include <ctype.h>
 #include <errno.h>
 #include <limits.h>
 #include <locale.h>
@ -556,6 +557,24 @@ safe_atod(const char *str, double *val)
 	char *endptr;
 	double v;
 	locale_t c_locale;
+	size_t slen = strlen(str);
+
+	/* We don't have a use-case where we want to accept hex for a double
+	 * or any of the other values strtod can parse */
+	for (size_t i = 0; i < slen; i++) {
+		char c = str[i];
+
+		if (isdigit(c))
+		       continue;
+		switch(c) {
+		case '+':
+		case '-':
+		case '.':
+			break;
+		default:
+			return false;
+		}
+	}

 	/* Create a "C" locale to force strtod to use '.' as separator */
 	c_locale = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0);
--- a/test/test-misc.c
+++ b/test/test-misc.c
@ -945,8 +945,7 @@ START_TEST(calibration_prop_parser)
 		{ "1 2 3 4 5 6", true, DEFAULT_VALUES },
 		{ "6.00012 3.244 4.238 5.2421 6.0134 8.860", true,
 			{ 6.00012, 3.244, 4.238, 5.2421, 6.0134, 8.860 }},
-		{ "0xff 2 3 4 5 6", true,
-			{ 255, 2, 3, 4, 5, 6 }},
+		{ "0xff 2 3 4 5 6", false, DEFAULT_VALUES },
 		{ NULL, false, DEFAULT_VALUES }
 	};
 	bool success;
@ -1271,9 +1270,9 @@ START_TEST(safe_atod_test)
 		{ "2147483647", true, 2147483647 },
 		{ "-2147483648", true, -2147483648 },
 		{ "4294967295", true, 4294967295 },
-		{ "0x0", true, 0 },
-		{ "0x10", true, 0x10 },
-		{ "0xaf", true, 0xaf },
+		{ "0x0", false, 0 },
+		{ "0x10", false, 0 },
+		{ "0xaf", false, 0 },
 		{ "x80", false, 0 },
 		{ "0.0", true, 0.0 },
 		{ "0.1", true, 0.1 },