From 6f4a1156dd2bad81cfa71fd4db325207141de918 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Sat, 3 May 2014 10:20:58 +0200
Subject: [PATCH] util: add parseint32 function with strict error reporting

None of the current integer parsing functions in util
check whether the result is valid and fits in the range
of the type. This is required for less sloppy error reporting.
---
 src/test/util_tests.cpp | 22 ++++++++++++++++++++++
 src/util.cpp            | 14 ++++++++++++++
 src/util.h              |  7 +++++++
 3 files changed, 43 insertions(+)

diff --git a/src/test/util_tests.cpp b/src/test/util_tests.cpp
index b8f107f64..7e7c05a59 100644
--- a/src/test/util_tests.cpp
+++ b/src/test/util_tests.cpp
@@ -342,4 +342,26 @@ BOOST_AUTO_TEST_CASE(gettime)
     BOOST_CHECK((GetTime() & ~0xFFFFFFFFLL) == 0);
 }
 
+BOOST_AUTO_TEST_CASE(test_ParseInt32)
+{
+    int32_t n;
+    // Valid values
+    BOOST_CHECK(ParseInt32("1234", NULL));
+    BOOST_CHECK(ParseInt32("0", &n) && n == 0);
+    BOOST_CHECK(ParseInt32("1234", &n) && n == 1234);
+    BOOST_CHECK(ParseInt32("01234", &n) && n == 1234); // no octal
+    BOOST_CHECK(ParseInt32("2147483647", &n) && n == 2147483647);
+    BOOST_CHECK(ParseInt32("-2147483648", &n) && n == -2147483648);
+    BOOST_CHECK(ParseInt32("-1234", &n) && n == -1234);
+    // Invalid values
+    BOOST_CHECK(!ParseInt32("1a", &n));
+    BOOST_CHECK(!ParseInt32("aap", &n));
+    BOOST_CHECK(!ParseInt32("0x1", &n)); // no hex
+    // Overflow and underflow
+    BOOST_CHECK(!ParseInt32("-2147483649", NULL));
+    BOOST_CHECK(!ParseInt32("2147483648", NULL));
+    BOOST_CHECK(!ParseInt32("-32482348723847471234", NULL));
+    BOOST_CHECK(!ParseInt32("32482348723847471234", NULL));
+}
+
 BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/util.cpp b/src/util.cpp
index b551a4104..574e842b6 100644
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -1489,3 +1489,17 @@ void RenameThread(const char* name)
 #endif
 }
 
+bool ParseInt32(const std::string& str, int32_t *out)
+{
+    char *endp = NULL;
+    errno = 0; // strtol will not set errno if valid
+    long int n = strtol(str.c_str(), &endp, 10);
+    if(out) *out = (int)n;
+    // Note that strtol returns a *long int*, so even if strtol doesn't report a over/underflow
+    // we still have to check that the returned value is within the range of an *int32_t*. On 64-bit
+    // platforms the size of these types may be different.
+    return endp && *endp == 0 && !errno &&
+        n >= std::numeric_limits<int32_t>::min() &&
+        n <= std::numeric_limits<int32_t>::max();
+}
+
diff --git a/src/util.h b/src/util.h
index cb2bb614f..d06dfb5c1 100644
--- a/src/util.h
+++ b/src/util.h
@@ -261,6 +261,13 @@ inline int atoi(const std::string& str)
     return atoi(str.c_str());
 }
 
+/**
+ * Convert string to signed 32-bit integer with strict parse error feedback.
+ * @returns true if the entire string could be parsed as valid integer,
+ *   false if not the entire string could be parsed or when overflow or underflow occured.
+ */
+bool ParseInt32(const std::string& str, int32_t *out);
+
 inline int roundint(double d)
 {
     return (int)(d > 0 ? d + 0.5 : d - 0.5);