Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core_old / 7833f4b354ec90a090a772cd651681e147f315c8^! / .
commit7833f4b354ec90a090a772cd651681e147f315c8[log] [tgz]
authorNick Kralevich <nnk@google.com>Thu Jun 18 17:46:54 2015 -0700
committerNick Kralevich <nnk@google.com>Thu Jun 18 20:11:06 2015 -0700
tree832e8d1910ee35aec02ea8bf0019090be82447b3
parent41f1fd9ba9bda3406b6d857b69110895ded669b5 [diff]
init/util.cpp: don't return a negative unsigned value

android_name_to_id() returns -1U on error, which causes a
crash when the following clang options are enabled:

  -fsanitize=signed-integer-overflow,unsigned-integer-overflow
  -ftrap-function=abort
  -fsanitize-undefined-trap-on-error

Rather than returning a negative unsigned value (which doesn't
make a lot of sense, IMHO), return a positive unsigned value.

While we're here, add logging on decode_uid failures.

Bug: 21880301
Change-Id: I652e4c1daa07c7494cceca2b4e1656b9158f2604

diff --git a/init/util.cpp b/init/util.cpp
index 8216892..7f29e94 100644
--- a/init/util.cpp
+++ b/init/util.cpp

@@ -47,7 +47,7 @@
 
 /*
  * android_name_to_id - returns the integer uid/gid associated with the given
- * name, or -1U on error.
+ * name, or UINT_MAX on error.
  */
 static unsigned int android_name_to_id(const char *name)
 {
@@ -59,27 +59,35 @@
             return info[n].aid;
     }
 
-    return -1U;
+    return UINT_MAX;
 }
 
-/*
- * decode_uid - decodes and returns the given string, which can be either the
- * numeric or name representation, into the integer uid or gid. Returns -1U on
- * error.
- */
-unsigned int decode_uid(const char *s)
+static unsigned int do_decode_uid(const char *s)
 {
     unsigned int v;
 
     if (!s || *s == '\0')
-        return -1U;
+        return UINT_MAX;
     if (isalpha(s[0]))
         return android_name_to_id(s);
 
     errno = 0;
     v = (unsigned int) strtoul(s, 0, 0);
     if (errno)
-        return -1U;
+        return UINT_MAX;
+    return v;
+}
+
+/*
+ * decode_uid - decodes and returns the given string, which can be either the
+ * numeric or name representation, into the integer uid or gid. Returns
+ * UINT_MAX on error.
+ */
+unsigned int decode_uid(const char *s) {
+    unsigned int v = do_decode_uid(s);
+    if (v == UINT_MAX) {
+        ERROR("decode_uid: Unable to find UID for '%s'. Returning UINT_MAX\n", s);
+    }
     return v;
 }
 

diff --git a/init/util_test.cpp b/init/util_test.cpp
index 5b3ab50..228954b 100644
--- a/init/util_test.cpp
+++ b/init/util_test.cpp

@@ -38,6 +38,6 @@
 
 TEST(util, decode_uid) {
   EXPECT_EQ(0U, decode_uid("root"));
-  EXPECT_EQ(-1U, decode_uid("toot"));
+  EXPECT_EQ(UINT_MAX, decode_uid("toot"));
   EXPECT_EQ(123U, decode_uid("123"));
 }