[PATCH] replace atoi with strtoul in opts.cc, lto-wrapper.c, lto/lto.c [PR114542]

[Heiko Eißfeldt]

Straight forward replacements of atoi() with strtoul() in order to avoid UB
and detect invalid argument values.

Tested with x86_64-pc-linux-gnu.
2024-12-09 Heiko Eißfeldt <he...@hexco.de>

    PR lto/114542
    * lto-wrapper.cc (run_gcc):
    Use strtoul with ERANGE check instead of atoi

    * lto/lto.cc (do_whole_program_analysis):
    ditto

    * opts.cc (common_handle_option):
    ditto

    * gcc.dg/pr114542.c: new test case


From 93618806dac31eba876155ea46ee10d073363d8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Heiko=20Ei=C3=9Ffeldt?= <he...@hexco.de>
Date: Mon, 9 Dec 2024 19:18:09 +0100
Subject: [PATCH 2/2] replace atoi with stroul in run_gcc,
 do_whole_program_analysis, common_handle_option [PR114542]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Heiko Eißfeldt <he...@hexco.de>
---
 gcc/lto-wrapper.cc              | 15 ++++++++++++---
 gcc/lto/lto.cc                  | 19 ++++++++++++++-----
 gcc/opts.cc                     | 10 +++++++++-
 gcc/testsuite/gcc.dg/pr114542.c |  4 ++++
 4 files changed, 39 insertions(+), 9 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/pr114542.c

diff --git a/gcc/lto-wrapper.cc b/gcc/lto-wrapper.cc
index 661ba3c6f34..c44a9fd2fa0 100644
--- a/gcc/lto-wrapper.cc
+++ b/gcc/lto-wrapper.cc
@@ -1637,9 +1637,18 @@ run_gcc (unsigned argc, char *argv[])
 	    }
 	  else
 	    {
-	      parallel = atoi (option->arg);
-	      if (parallel <= 1)
-		parallel = 0;
+	      char *pend;
+	      errno = 0;
+	      const unsigned long i = strtoul (option->arg, &pend, 10);
+	      if (errno == ERANGE
+		  || *pend != '\0')
+		{
+		  parallel = 0;
+		}
+	      else
+		{
+		  parallel = i > INT_MAX ? INT_MAX : i;
+		}
 	    }
 	  /* Fallthru.  */
 
diff --git a/gcc/lto/lto.cc b/gcc/lto/lto.cc
index 1ee215d8f1d..427dcc80846 100644
--- a/gcc/lto/lto.cc
+++ b/gcc/lto/lto.cc
@@ -497,11 +497,20 @@ do_whole_program_analysis (void)
     }
   else
     {
-      lto_parallelism = atoi (flag_wpa);
-      if (lto_parallelism <= 0)
-	lto_parallelism = 0;
-      if (lto_parallelism >= param_max_lto_streaming_parallelism)
-	lto_parallelism = param_max_lto_streaming_parallelism;
+      char *pend;
+      errno = 0;
+      const unsigned long i = strtoul (flag_wpa, &pend, 10);
+      if (errno == ERANGE
+	  || *pend != '\0')
+	{
+	  lto_parallelism = 0;
+	  /* FIXME add a diagnostic? */
+	}
+      else
+	{
+	  lto_parallelism = i > (unsigned long)param_max_lto_streaming_parallelism ?
+	    (unsigned long)param_max_lto_streaming_parallelism : i;
+	}
     }
 
   timevar_start (TV_PHASE_OPT_GEN);
diff --git a/gcc/opts.cc b/gcc/opts.cc
index 9909d4a4fc5..7ce545e784d 100644
--- a/gcc/opts.cc
+++ b/gcc/opts.cc
@@ -3315,7 +3315,15 @@ common_handle_option (struct gcc_options *opts,
       if (strcmp (arg, "none") != 0
 	  && strcmp (arg, "jobserver") != 0
 	  && strcmp (arg, "auto") != 0
-	  && atoi (arg) == 0)
+	  && [](const char *arg){ /* was "atoi (arg) == 0" */
+	    char *pend;
+	    errno = 0;
+	    const unsigned long i = strtoul (arg, &pend, 10);
+	    return
+	      errno == ERANGE
+	      || *pend != '\0'
+	      || i > INT_MAX;
+	  }(arg))
 	error_at (loc,
 		  "unrecognized argument to %<-flto=%> option: %qs", arg);
       break;
diff --git a/gcc/testsuite/gcc.dg/pr114542.c b/gcc/testsuite/gcc.dg/pr114542.c
new file mode 100644
index 00000000000..49eec89e00d
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr114542.c
@@ -0,0 +1,4 @@
+/* PR lto/144542 */
+/* { dg-do compile } */
+/* { dg-options "-flto=2147483648" } */
+/* { dg-error "unrecognized argument to '-flto=' option: '2147483648'" "" { target *-*-* } 0 } */
-- 
2.47.1