BBS: TELESC.NET.BR
Subject: src/doors/clans-src/src/misc.c random.c src/doors/clans-src/src/tests/
From: Deuce
Date: Thu, 12 Mar 2026 12:11:16 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/4ec5c5d9aa28c1d220b319c7

Modified Files:
    src/doors/clans-src/src/misc.c random.c
    src/doors/clans-src/src/tests/test_random.c test_tools.c
    src/doors/clans-src/src/tools.c

Log Message:
Fix undefined behavior in argument validation

my_random(): Move guard checks before (unsigned)(limit - 1) computation.
Previously, limit == INT_MIN would trigger signed integer overflow UB before
the guard could reject it. (src/random.c)

ato*() functions: Replace atoi()/atol() with strtoll() for defined overflow
behavior. atoi/atol have undefined behavior when the result doesn't fit in
their return type. On ILP32 and Windows LLP64 platforms (where long is
32-bit), ato32()'s range check was a tautology and overflow was silent.
strtoll() is always 64-bit with defined behavior: it clamps to
LLONG_MIN/LLONG_MAX and the range checks now work correctly everywhere.
(src/tools.c, src/misc.c)

Also updated src/misc.c format specifiers from %d/%hhu to %lld to match
strtoll()'s return type.

Unit tests: Added my_random(INT_MIN) test; removed #if LONG_MAX > INT32_MAX
guard from test_ato32_overflow (now passes on all platforms).
(src/tests/test_random.c, src/tests/test_tools.c)

All tests passing: test_tools 8/8, test_misc 16/16, test_random 7/7,
integration 115/115.

Co-Authored-By: Claude Haiku 4.5

---
Synchronet | Vertrauen | Home of Synchronet | [vert/cvs/bbs].synchro.net
-----------------------------------------------------------
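The two fixes described in the log message, sketched as an added example that is not the Clans source or part of the commit: a strtoll()-based 32-bit parser whose range check holds on every data model, and a bounded-random helper that validates its limit before evaluating limit - 1. The names parse_i32 and bounded_random, their -1 error return, and the use of rand() are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from the Clans tree): parse a decimal string
 * into int32_t. Returns 0 on success, -1 on malformed or out-of-range input. */
static int parse_i32(const char *s, int32_t *out)
{
    char *end;
    long long v;

    if (s == NULL || out == NULL)
        return -1;
    errno = 0;
    v = strtoll(s, &end, 10);   /* defined on overflow: clamps, sets ERANGE */
    if (end == s || *end != '\0')
        return -1;              /* no digits, or trailing junk */
    if (errno == ERANGE)
        return -1;              /* did not even fit in long long */
    /* long long is at least 64 bits, so this comparison is never a
     * tautology, unlike the same check on a 32-bit long (ILP32, LLP64). */
    if (v < INT32_MIN || v > INT32_MAX)
        return -1;
    *out = (int32_t)v;
    return 0;
}

/* Hypothetical helper: value in [0, limit), or -1 if limit is invalid.
 * The guard runs first, so limit - 1 is only evaluated for limit >= 1 and
 * cannot overflow. rand() and the modulo are placeholders (assumption). */
static int bounded_random(int limit)
{
    unsigned span;

    if (limit <= 0)
        return -1;              /* rejects INT_MIN before any arithmetic */
    span = (unsigned)(limit - 1);
    return (int)((unsigned)rand() % (span + 1u));
}

int main(void)
{
    int32_t v = 0;
    printf("%d %d\n", parse_i32("2147483648", &v), bounded_random(INT_MIN));
    return 0;
}
```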