From 43f6a587e67878837680524bdc8240224258fac3 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@gnome.org>
Date: Mon, 10 Jul 2006 21:22:21 +0000
Subject: =?UTF-8?q?Bug=20330603=20=E2=80=93=20pango=5Fscan=5Fint=20invokes?=
 =?UTF-8?q?=20undefined=20behaviour?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

2006-07-10  Behdad Esfahbod  <behdad@gnome.org>

        Bug 330603 – pango_scan_int invokes undefined behaviour

        * pango/pango-utils.c (pango_scan_int): Use strtol.
---
 ChangeLog           |  6 ++++++
 pango/pango-utils.c | 36 +++++++++++++++---------------------
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 01df55e7..abbcaf65 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-07-10  Behdad Esfahbod  <behdad@gnome.org>
+
+	Bug 330603 – pango_scan_int invokes undefined behaviour
+
+	* pango/pango-utils.c (pango_scan_int): Use strtol.
+
 2006-07-10  Behdad Esfahbod  <behdad@gnome.org>
 
 	Bug 315599 – PangoAttribute remains in wrong context.
diff --git a/pango/pango-utils.c b/pango/pango-utils.c
index 70f32dbe..63976aed 100644
--- a/pango/pango-utils.c
+++ b/pango/pango-utils.c
@@ -412,8 +412,7 @@ pango_scan_string (const char **pos, GString *out)
  * @pos: in/out string position
  * @out: an int into which to write the result
  * 
- * Scans an integer. An integer consists
- * of up to 31 decimal digits. 
+ * Scans an integer. 
  * Leading white space is skipped.
  * 
  * Return value: %FALSE if a parse error occured.
@@ -422,29 +421,24 @@ gboolean
 pango_scan_int (const char **pos, int *out)
 {
   unsigned int i = 0;
-  char buf[32];
-  const char *p = *pos;
-
-  while (g_ascii_isspace (*p))
-    p++;
-  
-  if (*p < '0' || *p > '9')
-    return FALSE;
+  char *end;
+  long temp;
 
-  while ((*p >= '0') && (*p <= '9') && i < sizeof(buf))
+  errno = 0;
+  temp = strtol (*pos, &end, 10);
+  if (errno == ERANGE)
     {
-      buf[i] = *p;
-      i++;
-      p++;
+      errno = 0;
+      return FALSE;
+    }
+	
+  *out = (int)temp;
+  if ((long)(*out) != temp)
+    {
+      return FALSE;
     }
 
-  if (i == sizeof(buf))
-    return FALSE;
-  else
-    buf[i] = '\0';
-
-  *out = atoi (buf);
-  *pos = p;
+  *pos = end;
 
   return TRUE;
 }
-- 
cgit v1.2.1