From mboxrd@z Thu Jan  1 00:00:00 1970
From: john at keeping.me.uk (John Keeping)
Date: Wed, 13 May 2015 14:41:24 +0100
Subject: [PATCH] cgit: use strtol_i instead of atoi
In-Reply-To: <CAHmME9p28mDbZ+9Un1LJ4D=QNsV6r+9dy0ifgDgoTzWGjHKzWA@mail.gmail.com>
References: <1431523261-982-1-git-send-email-ncopa@alpinelinux.org>
 <CAHmME9p28mDbZ+9Un1LJ4D=QNsV6r+9dy0ifgDgoTzWGjHKzWA@mail.gmail.com>
Message-ID: <20150513134124.GB10518@serenity.lan>

On Wed, May 13, 2015 at 03:35:29PM +0200, Jason A. Donenfeld wrote:
> Anybody have any objections to this? In some cases it's slightly more
> verbose, but otherwise, I can't see any downsides.

It's worse if there is trailing data.  Since there's nothing obvious we
can do if the input is bad, I'm not sure how much we care (i.e. ignoring
the return value from strtol_i is OK) but whereas atoi will parse a
valid value followed by trailing garbage strtol_i will just fail.

Worse than that, if it fails it leaves the result uninitialized, which
doesn't matter in the cases where we just update a variable, but at
least one part of this patch introduces a new variable that is not set
if strtol_i fails.