From 035433e913872bc9c99fb19cd5b2eec1463ccdec Mon Sep 17 00:00:00 2001
From: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Date: Thu, 31 Aug 2023 13:40:46 +0200
Subject: Document decimal integer parsing helpers, add an octal variant

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
---
 include/util/parse.h      | 42 ++++++++++++++++++++++++++++++++++++++++--
 lib/util/src/parse_int.c  | 36 +++++++++++++++++++++++++-----------
 lib/util/test/parse_int.c | 41 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 106 insertions(+), 13 deletions(-)

diff --git a/include/util/parse.h b/include/util/parse.h
index 20b4cb7..631c3dd 100644
--- a/include/util/parse.h
+++ b/include/util/parse.h
@@ -66,11 +66,49 @@ SQFS_INTERNAL void trim(char *buffer);
 SQFS_INTERNAL int istream_get_line(sqfs_istream_t *strm, char **out,
 				   size_t *line_num, int flags);
 
+/**
+ * @brief Parse an unsigned decimal integer from a string
+ *
+ * The function expects to find at least one decimal digit, and stops parsing
+ * if it finds something that is not a digit. If diff is NULL, it requires that
+ * the entire string was consumed (either length exhausted or a null-byte was
+ * found), otherwise it returns success.
+ *
+ * Altough numeric overflow is checked for while parsing, the result is only
+ * tested against vmin and vmax, if vmin is less than vmax. Setting them to
+ * the same value disables the range check.
+ *
+ * @param in A pointer to a string to parse
+ * @param len The maximum number of characters to read
+ * @param diff If not NULL, returns the number of characters successfully read
+ * @param vmin A lower bound. If the parsed value is below this, return an error
+ * @param vmax An upper bound. If the value is above this, return an error
+ * @param out If not NULL, returns the result value
+ *
+ * @return Zero on success, @ref SQFS_ERROR_OVERFLOW on numeric overflow,
+ *         @ref SQFS_ERROR_OUT_OF_BOUNDS if the range check failed,
+ *         @ref SQFS_ERROR_CORRUPTED if the string is not a number.
+ */
+SQFS_INTERNAL int parse_uint(const char *in, size_t len, size_t *diff,
+			     sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out);
+
+/**
+ * @brief A variant of @ref parse_uint that can parse signed numbers
+ *
+ * The function internally uses @ref parse_uint, but allows an optional
+ * sign prefix and flips the result if it is negative. Range checking
+ * can also be performed using negative bounds.
+ *
+ * Arguments and return values are the same as for @ref parse_uint, but signed.
+ */
 SQFS_INTERNAL int parse_int(const char *in, size_t len, size_t *diff,
 			    sqfs_s64 vmin, sqfs_s64 vmax, sqfs_s64 *out);
 
-SQFS_INTERNAL int parse_uint(const char *in, size_t len, size_t *diff,
-			     sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out);
+/**
+ * @brief Same as @ref parse_uint, but expects octal instead of decimal
+ */
+SQFS_INTERNAL int parse_uint_oct(const char *in, size_t len, size_t *diff,
+				 sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out);
 
 /**
  * @brief Split a line of special character separated tokens
diff --git a/lib/util/src/parse_int.c b/lib/util/src/parse_int.c
index 1bca528..18e5b9a 100644
--- a/lib/util/src/parse_int.c
+++ b/lib/util/src/parse_int.c
@@ -11,8 +11,8 @@
 
 #include <ctype.h>
 
-int parse_uint(const char *in, size_t len, size_t *diff,
-	       sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out)
+static int parse(const char *in, size_t len, size_t *diff,
+		 sqfs_u64 base, sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out)
 {
 	/* init result */
 	if (diff != NULL)
@@ -25,25 +25,28 @@ int parse_uint(const char *in, size_t len, size_t *diff,
 
 	/* parse sequence */
 	while (len > 0 && isdigit(*in)) {
-		sqfs_u64 x = *(in++) - '0';
-		--len;
+		sqfs_u64 x = *in - '0';
+		if (x >= base)
+			break;
 
-		if (diff != NULL)
-			++(*diff);
-
-		if ((*out) >= (0xFFFFFFFFFFFFFFFFULL / 10ULL))
+		if ((*out) >= (0xFFFFFFFFFFFFFFFFULL / base))
 			return SQFS_ERROR_OVERFLOW;
 
-		(*out) *= 10;
+		(*out) *= base;
 
 		if ((*out) > (0xFFFFFFFFFFFFFFFFULL - x))
 			return SQFS_ERROR_OVERFLOW;
 
 		(*out) += x;
+
+		--len;
+		++in;
+		if (diff != NULL)
+			++(*diff);
 	}
 
 	/* range check */
-	if ((vmin != vmax) && ((*out < vmin) || (*out > vmax)))
+	if ((vmin < vmax) && ((*out < vmin) || (*out > vmax)))
 		return SQFS_ERROR_OUT_OF_BOUNDS;
 
 	/* if diff is not used, entire  must have been processed */
@@ -53,6 +56,17 @@ int parse_uint(const char *in, size_t len, size_t *diff,
 	return 0;
 }
 
+int parse_uint(const char *in, size_t len, size_t *diff,
+	       sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out)
+{
+	return parse(in, len, diff, 10, vmin, vmax, out);
+}
+
+int parse_uint_oct(const char *in, size_t len, size_t *diff,
+		   sqfs_u64 vmin, sqfs_u64 vmax, sqfs_u64 *out)
+{
+	return parse(in, len, diff, 8, vmin, vmax, out);
+}
 
 int parse_int(const char *in, size_t len, size_t *diff,
 	      sqfs_s64 vmin, sqfs_s64 vmax, sqfs_s64 *out)
@@ -82,7 +96,7 @@ int parse_int(const char *in, size_t len, size_t *diff,
 		*out = (sqfs_s64)temp;
 	}
 
-	if (vmin != vmax && ((*out < vmin) || (*out > vmax)))
+	if ((vmin < vmax) && ((*out < vmin) || (*out > vmax)))
 		return SQFS_ERROR_OUT_OF_BOUNDS;
 
 	return 0;
diff --git a/lib/util/test/parse_int.c b/lib/util/test/parse_int.c
index 2bd5a7c..cf6a69f 100644
--- a/lib/util/test/parse_int.c
+++ b/lib/util/test/parse_int.c
@@ -74,5 +74,46 @@ int main(int argc, char **argv)
 	ret = parse_int("-1234", -1, NULL, -1000, 1000, &s_out);
 	TEST_EQUAL_I(ret, SQFS_ERROR_OUT_OF_BOUNDS);
 
+	/**** octal version *****/
+
+	/* must begin with a digit */
+	ret = parse_uint_oct("a1234", -1, &diff, 0, 0, &out);
+	TEST_EQUAL_I(ret, SQFS_ERROR_CORRUPTED);
+
+	/* can end with a non-digit... */
+	ret = parse_uint_oct("1234a", -1, &diff, 0, 0, &out);
+	TEST_EQUAL_I(ret, 0);
+	TEST_EQUAL_UI(out, 01234);
+	TEST_EQUAL_UI(diff, 4);
+
+	/* ...unless diff is NULL */
+	ret = parse_uint_oct("1234a", -1, NULL, 0, 0, &out);
+	TEST_EQUAL_I(ret, SQFS_ERROR_CORRUPTED);
+
+	/* numeric overflow is cought */
+	ret = parse_uint_oct("2000000000000000000000", -1, NULL, 0, 0, &out);
+	TEST_EQUAL_I(ret, SQFS_ERROR_OVERFLOW);
+
+	/* buffer length is adherered to */
+	ret = parse_uint_oct("2000000000000000000000", 5, NULL, 0, 0, &out);
+	TEST_EQUAL_I(ret, 0);
+	TEST_EQUAL_UI(out, 020000);
+
+	ret = parse_uint_oct("2000000000000000000000", 5, &diff, 0, 0, &out);
+	TEST_EQUAL_I(ret, 0);
+	TEST_EQUAL_UI(diff, 5);
+	TEST_EQUAL_UI(out, 020000);
+
+	/* if vmin/vmax differ, check the range */
+	ret = parse_uint_oct("1234", -1, NULL, 0, 01000, &out);
+	TEST_EQUAL_I(ret, SQFS_ERROR_OUT_OF_BOUNDS);
+
+	ret = parse_uint_oct("1234", -1, NULL, 0, 02000, &out);
+	TEST_EQUAL_I(ret, 0);
+	TEST_EQUAL_UI(out, 01234);
+
+	ret = parse_uint_oct("1234", -1, NULL, 02000, 03000, &out);
+	TEST_EQUAL_I(ret, SQFS_ERROR_OUT_OF_BOUNDS);
+
 	return EXIT_SUCCESS;
 }
-- 
cgit v1.2.3