I'm not sure "strtol()" and "strtoul()" are guaranteed to clear "errno"

on success, so we clear it before calling them.

Assign the value of "strtol()" to a "long" and assign the value of
"strtoul()" to an "unsigned long", as those are the return types for
those functions - "gint32" and "guint32" might not be large enough for
the return value on an LP64 platform.

Check for errno being EINVAL, as that can happen if the number isn't
valid.

Before assigning the value returned by "strtol()" or "strtoul()" to the
final destination, check whether it's in the right range for that
destination.

svn path=/trunk/; revision=11382

1 files changed, 23 insertions, 2 deletions

diff --git a/epan/dfilter/scanner.l b/epan/dfilter/scanner.l
index 0483d12bc9..2d4e6ac9a4 100644
--- a/epan/dfilter/scanner.l
+++ b/epan/dfilter/scanner.l
@@ -322,11 +322,12 @@ static gboolean
 str_to_gint32(char *s, gint32* pint)
 {
 	char    *endptr;
-	gint32	integer;
+	long	integer;
 
+	errno = 0;
 	integer = strtol(s, &endptr, 0);
 
-	if (endptr == s || *endptr != '\0') {
+	if (errno == EINVAL || endptr == s || *endptr != '\0') {
 		/* This isn't a valid number. */
 		dfilter_fail("\"%s\" is not a valid number.", s);
 		return FALSE;
@@ -339,10 +340,30 @@ str_to_gint32(char *s, gint32* pint)
 			dfilter_fail("\"%s\" causes an integer underflow.", s);
 		}
 		else {
+			/*
+			 * XXX - can "strtol()" set errno to ERANGE without
+			 * returning LONG_MAX or LONG_MIN?
+			 */
 			dfilter_fail("\"%s\" is not an integer.", s);
 		}
 		return FALSE;
 	}
+	if (integer > G_MAXINT32) {
+		/*
+		 * Fits in a long, but not in a gint32 (a long might be
+		 * 64 bits).
+		 */
+		dfilter_fail("\"%s\" causes an integer overflow.", s);
+		return FALSE;
+	}
+	if (integer < G_MININT32) {
+		/*
+		 * Fits in a long, but not in a gint32 (a long might be
+		 * 64 bits).
+		 */
+		dfilter_fail("\"%s\" causes an integer underflow.", s);
+		return FALSE;
+	}
 
 	*pint = integer;
 	return TRUE;