rtla: Replace atoi() with a robust strtoi()

The atoi() function does not perform error checking, which can lead to
undefined behavior when parsing invalid or out-of-range strings. This
can cause issues when parsing user-provided numerical inputs, such as
signal numbers, PIDs, or CPU lists.

To address this, introduce a new strtoi() helper function that safely
converts a string to an integer. This function validates the input and
checks for overflows, returning a negative value on  failure.

Replace all calls to atoi() with the new strtoi() function and add
proper error handling to make the parsing more robust and prevent
potential issues.

Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Link: https://lore.kernel.org/r/20260106133655.249887-5-wander@redhat.com
Signed-off-by: Tomas Glozar <tglozar@redhat.com>

diff --git a/tools/tracing/rtla/src/actions.c b/tools/tracing/rtla/src/actions.c
index 31bc98db9228ca9d4cd545d35d4d2609cb3604af..ace9965ebd55f959f0108a8c0f1d6bdcb077ca66 100644 (file)
--- a/tools/tracing/rtla/src/actions.c
+++ b/tools/tracing/rtla/src/actions.c
@@ -181,12 +181,13 @@ actions_parse(struct actions *self, const char *trigger, const char *tracefn)
                /* Takes two arguments, num (signal) and pid */
                while (token != NULL) {
                        if (strlen(token) > 4 && strncmp(token, "num=", 4) == 0) {
-                               signal = atoi(token + 4);
+                               if (strtoi(token + 4, &signal))
+                                       return -1;
                        } else if (strlen(token) > 4 && strncmp(token, "pid=", 4) == 0) {
                                if (strncmp(token + 4, "parent", 7) == 0)
                                        pid = -1;
-                               else
-                                       pid = atoi(token + 4);
+                               else if (strtoi(token + 4, &pid))
+                                       return -1;
                        } else {
                                /* Invalid argument */
                                return -1;

diff --git a/tools/tracing/rtla/src/utils.c b/tools/tracing/rtla/src/utils.c
index 0b84e02b13df3a74e6182aeb6fd682c932981319..748b86e6c2cc6d36343d87dcbac13987459d0a9a 100644 (file)
--- a/tools/tracing/rtla/src/utils.c
+++ b/tools/tracing/rtla/src/utils.c
@@ -17,6 +17,7 @@
 #include <fcntl.h>
 #include <sched.h>
 #include <stdio.h>
+#include <limits.h>
 
 #include "utils.h"
 
@@ -127,16 +128,18 @@ int parse_cpu_set(char *cpu_list, cpu_set_t *set)
        nr_cpus = sysconf(_SC_NPROCESSORS_CONF);
 
        for (p = cpu_list; *p; ) {
-               cpu = atoi(p);
-               if (cpu < 0 || (!cpu && *p != '0') || cpu >= nr_cpus)
+               if (strtoi(p, &cpu))
+                       goto err;
+               if (cpu < 0 || cpu >= nr_cpus)
                        goto err;
 
                while (isdigit(*p))
                        p++;
                if (*p == '-') {
                        p++;
-                       end_cpu = atoi(p);
-                       if (end_cpu < cpu || (!end_cpu && *p != '0') || end_cpu >= nr_cpus)
+                       if (strtoi(p, &end_cpu))
+                               goto err;
+                       if (end_cpu < cpu || end_cpu >= nr_cpus)
                                goto err;
                        while (isdigit(*p))
                                p++;
@@ -337,6 +340,7 @@ int set_comm_sched_attr(const char *comm_prefix, struct sched_attr *attr)
        struct dirent *proc_entry;
        DIR *procfs;
        int retval;
+       int pid;
 
        if (strlen(comm_prefix) >= MAX_PATH) {
                err_msg("Command prefix is too long: %d < strlen(%s)\n",
@@ -356,8 +360,12 @@ int set_comm_sched_attr(const char *comm_prefix, struct sched_attr *attr)
                if (!retval)
                        continue;
 
+               if (strtoi(proc_entry->d_name, &pid)) {
+                       err_msg("'%s' is not a valid pid", proc_entry->d_name);
+                       goto out_err;
+               }
                /* procfs_is_workload_pid confirmed it is a pid */
-               retval = __set_sched_attr(atoi(proc_entry->d_name), attr);
+               retval = __set_sched_attr(pid, attr);
                if (retval) {
                        err_msg("Error setting sched attributes for pid:%s\n", proc_entry->d_name);
                        goto out_err;
@@ -999,3 +1007,25 @@ char *parse_optional_arg(int argc, char **argv)
                return NULL;
        }
 }
+
+/*
+ * strtoi - convert string to integer with error checking
+ *
+ * Returns 0 on success, -1 if conversion fails or result is out of int range.
+ */
+int strtoi(const char *s, int *res)
+{
+       char *end_ptr;
+       long lres;
+
+       if (!*s)
+               return -1;
+
+       errno = 0;
+       lres = strtol(s, &end_ptr, 0);
+       if (errno || *end_ptr || lres > INT_MAX || lres < INT_MIN)
+               return -1;
+
+       *res = (int) lres;
+       return 0;
+}

diff --git a/tools/tracing/rtla/src/utils.h b/tools/tracing/rtla/src/utils.h
index ed7618842e8216437ab3c9861f664d6a16c2ed41..974f7e0188c0a4bd35aa4200665fd606ab430720 100644 (file)
--- a/tools/tracing/rtla/src/utils.h
+++ b/tools/tracing/rtla/src/utils.h
@@ -3,6 +3,7 @@
 #include <stdint.h>
 #include <time.h>
 #include <sched.h>
+#include <stdbool.h>
 
 /*
  * '18446744073709551615\0'
@@ -81,6 +82,7 @@ static inline int set_deepest_cpu_idle_state(unsigned int cpu, unsigned int stat
 static inline int have_libcpupower_support(void) { return 0; }
 #endif /* HAVE_LIBCPUPOWER_SUPPORT */
 int auto_house_keeping(cpu_set_t *monitored_cpus);
+__attribute__((__warn_unused_result__)) int strtoi(const char *s, int *res);
 
 #define ns_to_usf(x) (((double)x/1000))
 #define ns_to_per(total, part) ((part * 100) / (double)total)