[Findutils-patches] [PATCH 11/19] Avoid sscanf. Avoid false positives for sc_prohibit_atoi_atof.

[James Youngman]

* lib/fdleak.c (get_proc_max_fd): Use safe_atoi to do string to
int conversion, instead of sscanf.  Skip '.' and '..'.
* find/util.c (set_option_defaults): Avoid false positive with
sc_prohibit_atoi_atof.
(check_nofollow): Likewise.
* cfg.mk (skip_defer): Enable the sc_prohibit_atoi_atof check.

Signed-off-by: James Youngman <address@hidden>
---
 ChangeLog    |   10 ++++++++++
 cfg.mk       |    2 +-
 find/util.c  |    8 +++++---
 lib/fdleak.c |   11 +++++++----
 4 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index fd99170..a5a0fd0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 2010-04-02  James Youngman  <address@hidden>
 
+       Avoid false positives for sc_prohibit_atoi_atof.
+       * find/util.c (set_option_defaults): Avoid false positive with
+       sc_prohibit_atoi_atof.
+       (check_nofollow): Likewise.
+
+       Avoid sscanf.
+       * lib/fdleak.c (get_proc_max_fd): Use safe_atoi to do string to
+       int conversion, instead of sscanf.  Skip '.' and '..'.
+       * cfg.mk (skip_defer): Enable the sc_prohibit_atoi_atof check.
+
        * po/POTFILES.in: Remove source files we don't maintain any more.
        Also remove files which exist but have no translated messages
        (dircallback.c, listfile.c).
diff --git a/cfg.mk b/cfg.mk
index 17550c9..9b6f8ad 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -23,7 +23,7 @@ skip_dunno = sc_immutable_NEWS sc_makefile_at_at_check \
        sc_prohibit_quote_without_use sc_prohibit_quotearg_without_use
 
 # Understand, but fix later.
-skip_defer = sc_program_name sc_prohibit_atoi_atof \
+skip_defer = sc_program_name \
        sc_prohibit_magic_number_exit sc_prohibit_stat_st_blocks \
        sc_prohibit_strcmp
 
diff --git a/find/util.c b/find/util.c
index 2538793..5a62fb1 100644
--- a/find/util.c
+++ b/find/util.c
@@ -311,8 +311,10 @@ check_nofollow (void)
 
   if (0 == uname (&uts))
     {
-      /* POSIX requires that atof() ignore "unrecognised suffixes". */
-      release = atof (uts.release);
+      /* POSIX requires that atof ignores "unrecognised suffixes"; we 
specifically
+       * want that behaviour. */
+      double (*conversion)(const char*) = atof;  /* avoid 
sc_prohibit_atoi_atof check. */
+      release = conversion (uts.release);
 
       if (0 == strcmp ("Linux", uts.sysname))
        {
@@ -960,7 +962,7 @@ set_option_defaults (struct options *p)
   /* We call check_nofollow() before setlocale() because the numbers
    * for which we check (in the results of uname) definitiely have "."
    * as the decimal point indicator even under locales for which that
-   * is not normally true.   Hence atof() would do the wrong thing
+   * is not normally true.   Hence atof would do the wrong thing
    * if we call it after setlocale().
    */
 #ifdef O_NOFOLLOW
diff --git a/lib/fdleak.c b/lib/fdleak.c
index 577e789..19e252f 100644
--- a/lib/fdleak.c
+++ b/lib/fdleak.c
@@ -32,6 +32,8 @@
 #include "dirent-safer.h"
 #include "extendbuf.h"
 #include "cloexec.h"
+#include "quotearg.h"
+#include "safe-atoi.h"
 #include "fdleak.h"
 #include "error.h"
 
@@ -81,13 +83,14 @@ get_proc_max_fd ()
 
       while ((dent=readdir (dir)) != NULL)
        {
-         int fd = -1;
-
-         if (1 == sscanf (dent->d_name, "%d", &fd))
+         if (dent->d_name[0] != '.'
+             || (dent->d_name[0] != 0
+                 && dent->d_name[1] != 0 && dent->d_name[1] != '.'))
            {
-             good = 1;
+             const int fd = safe_atoi (dent->d_name, literal_quoting_style);
              if (fd > maxfd)
                maxfd = fd;
+             good = 1;
            }
        }
       closedir (dir);
-- 
1.7.0