utils.h: reject preceding non-digits in strToInt()

Author: firewave

lib/utils.h

@@ -220,7 +220,7 @@ bool strToInt(const std::string& str, T &num, std::string* err = nullptr)
         tmp = std::stoll(str, &idx);
         if (idx != str.size()) {
             if (err)
-                *err = "not an integer";
+                *err = "not an integer (pos)";
             return false;
         }
     } catch (const std::out_of_range&) {
@@ -229,14 +229,19 @@ bool strToInt(const std::string& str, T &num, std::string* err = nullptr)
         return false;
     } catch (const std::invalid_argument &) {
         if (err)
-            *err = "not an integer";
+            *err = "not an integer (invalid_argument)";
         return false;
     }
     if (str.front() == '-' && std::numeric_limits<T>::min() == 0) {
         if (err)
             *err = "needs to be positive";
         return false;
     }
+    if (str.front() != '+' && str.front() != '-' && !isdigit(str.front())) {
+        if (err)
+            *err = "not an integer";
+        return false;
+    }
     if (tmp < std::numeric_limits<T>::min() || tmp > std::numeric_limits<T>::max()) {
         if (err)
             *err = "out of range (limits)";
@@ -255,7 +260,7 @@ bool strToInt(const std::string& str, T &num, std::string* err = nullptr)
         tmp = std::stoull(str, &idx);
         if (idx != str.size()) {
             if (err)
-                *err = "not an integer";
+                *err = "not an integer (pos)";
             return false;
         }
     } catch (const std::out_of_range&) {
@@ -264,14 +269,19 @@ bool strToInt(const std::string& str, T &num, std::string* err = nullptr)
         return false;
     } catch (const std::invalid_argument &) {
         if (err)
-            *err = "not an integer";
+            *err = "not an integer (invalid_argument)";
         return false;
     }
     if (str.front() == '-') {
         if (err)
             *err = "needs to be positive";
         return false;
     }
+    if (str.front() != '+' && !isdigit(str.front())) {
+        if (err)
+            *err = "not an integer";
+        return false;
+    }
     if (tmp > std::numeric_limits<T>::max()) {
         if (err)
             *err = "out of range (limits)";

test/testcmdlineparser.cpp

@@ -1236,15 +1236,15 @@ class TestCmdlineParser : public TestFixture {
         const char * const argv[] = {"cppcheck", "--error-exitcode=", "file.cpp"};
         // Fails since exit code not given
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--error-exitcode=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--error-exitcode=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void errorExitcodeStr() {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--error-exitcode=foo", "file.cpp"};
         // Fails since invalid exit code
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--error-exitcode=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--error-exitcode=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void exitcodeSuppressionsOld() {
@@ -1395,15 +1395,15 @@ class TestCmdlineParser : public TestFixture {
         const char * const argv[] = {"cppcheck", "-j", "file.cpp"};
         // Fails since -j is missing thread count
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '-j' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '-j' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void jobsInvalid() {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "-j", "e", "file.cpp"};
         // Fails since invalid count given for -j
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '-j' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '-j' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void jobsNoJobs() {
@@ -1433,15 +1433,15 @@ class TestCmdlineParser : public TestFixture {
         const char * const argv[] = {"cppcheck", "--max-configs=", "file.cpp"};
         // Fails since --max-configs= is missing limit
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--max-configs=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--max-configs=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void maxConfigsInvalid() {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--max-configs=e", "file.cpp"};
         // Fails since invalid count given for --max-configs=
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--max-configs=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--max-configs=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void maxConfigsTooSmall() {
@@ -1672,7 +1672,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--report-progress=", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--report-progress=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--report-progress=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void reportProgress3() {
@@ -2172,7 +2172,7 @@ class TestCmdlineParser : public TestFixture {
         const char * const argv[] = {"cppcheck", "--xml", "--xml-version=a", "file.cpp"};
         // FAils since unknown XML format version
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--xml-version=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--xml-version=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void doc() {
@@ -2395,7 +2395,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--valueflow-max-iterations=seven"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--valueflow-max-iterations=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--valueflow-max-iterations=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void valueFlowMaxIterationsInvalid3() {
@@ -2423,7 +2423,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--checks-max-time=one", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--checks-max-time=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--checks-max-time=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
 #ifdef HAS_THREADING_MODEL_FORK
@@ -2445,7 +2445,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "-l", "one", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '-l' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '-l' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 #else
     void loadAverageNotSupported() {
@@ -2482,7 +2482,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--max-ctu-depth=one", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--max-ctu-depth=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--max-ctu-depth=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void performanceValueflowMaxTime() {
@@ -2496,7 +2496,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--performance-valueflow-max-time=one", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--performance-valueflow-max-time=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--performance-valueflow-max-time=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void performanceValueFlowMaxIfCount() {
@@ -2510,7 +2510,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--performance-valueflow-max-if-count=one", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--performance-valueflow-max-if-count=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--performance-valueflow-max-if-count=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void templateMaxTime() {
@@ -2524,7 +2524,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--template-max-time=one", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--template-max-time=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--template-max-time=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void templateMaxTimeInvalid2() {
@@ -2545,7 +2545,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--typedef-max-time=one", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--typedef-max-time=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--typedef-max-time=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void typedefMaxTimeInvalid2() {
@@ -3235,7 +3235,7 @@ class TestCmdlineParser : public TestFixture {
         REDIRECT;
         const char * const argv[] = {"cppcheck", "--max-template-recursion=", "file.cpp"};
         ASSERT_EQUALS_ENUM(CmdLineParser::Result::Fail, parseFromArgs(argv));
-        ASSERT_EQUALS("cppcheck: error: argument to '--max-template-recursion=' is not valid - not an integer.\n", logger->str());
+        ASSERT_EQUALS("cppcheck: error: argument to '--max-template-recursion=' is not valid - not an integer (invalid_argument).\n", logger->str());
     }
 
     void emitDuplicates() {

test/testerrorlogger.cpp

@@ -599,7 +599,7 @@ class TestErrorLogger : public TestFixture {
                                "0 "
                                "0 ";
             ErrorMessage msg;
-            ASSERT_THROW_INTERNAL_EQUALS(msg.deserialize(str), INTERNAL, "Internal Error: Deserialization of error message failed - invalid CWE ID - not an integer");
+            ASSERT_THROW_INTERNAL_EQUALS(msg.deserialize(str), INTERNAL, "Internal Error: Deserialization of error message failed - invalid CWE ID - not an integer (invalid_argument)");
         }
         {
             // invalid hash
@@ -615,7 +615,7 @@ class TestErrorLogger : public TestFixture {
                                "0 "
                                "0 ";
             ErrorMessage msg;
-            ASSERT_THROW_INTERNAL_EQUALS(msg.deserialize(str), INTERNAL, "Internal Error: Deserialization of error message failed - invalid hash - not an integer");
+            ASSERT_THROW_INTERNAL_EQUALS(msg.deserialize(str), INTERNAL, "Internal Error: Deserialization of error message failed - invalid hash - not an integer (invalid_argument)");
         }
         {
             // out-of-range CWE ID

test/testsuppressions.cpp

@@ -188,12 +188,12 @@ class TestSuppressions : public TestFixture {
         ASSERT_THROW_EQUALS(SuppressionList::parseLine("id::1"), std::runtime_error, "filename is missing");
 
         // missing/invalid line
-        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer)");
-        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:\n"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer)");
-        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:\n1"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer)");
-        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:#1"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer)"); // TODO: looks like a valid filename
-        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c://1"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer)");
-        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:zero"), std::runtime_error, "invalid line number (converting 'zero' to integer failed - not an integer)");
+        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer (invalid_argument))");
+        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:\n"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer (invalid_argument))");
+        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:\n1"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer (invalid_argument))");
+        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:#1"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer (invalid_argument))"); // TODO: looks like a valid filename
+        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c://1"), std::runtime_error, "invalid line number (converting '' to integer failed - not an integer (invalid_argument))");
+        ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:zero"), std::runtime_error, "invalid line number (converting 'zero' to integer failed - not an integer (invalid_argument))");
 
         // invalid extras
         ASSERT_THROW_EQUALS(SuppressionList::parseLine("id:1.c:1\n"), std::runtime_error, "unexpected extra ''");