• src/doors/clans-src/src/misc.c random.c src/doors/clans-src/src/tests/

    From Deuce@VERT to Git commit to main/sbbs/master on Thu Mar 12 12:11:16 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/4ec5c5d9aa28c1d220b319c7
    Modified Files:
    src/doors/clans-src/src/misc.c random.c src/doors/clans-src/src/tests/test_random.c test_tools.c src/doors/clans-src/src/tools.c
    Log Message:
    Fix undefined behavior in argument validation

    my_random(): Move guard checks before (unsigned)(limit - 1) computation. Previously, limit == INT_MIN would trigger signed integer overflow UB before the guard could reject it. (src/random.c)

    ato*() functions: Replace atoi()/atol() with strtoll() for defined overflow behavior. atoi/atol have undefined behavior when the result doesn't fit in their return type. On ILP32 and Windows LLP64 platforms (where long is 32-bit), ato32()'s range check was a tautology and overflow was silent. strtoll() is always 64-bit with defined behavior: it clamps to LLONG_MIN/LLONG_MAX and the range checks now work correctly everywhere. (src/tools.c, src/misc.c)

    Also updated src/misc.c format specifiers from %d/%hhu to %lld to match strtoll()'s return type.

    Unit tests: Added my_random(INT_MIN) test; removed #if LONG_MAX > INT32_MAX guard from test_ato32_overflow (now passes on all platforms). (src/tests/test_random.c, src/tests/test_tools.c)

    All tests passing: test_tools 8/8, test_misc 16/16, test_random 7/7, integration 115/115.

    Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net