From a2ed0bf0b41458f63511edfd455ee1e3a049241e Mon Sep 17 00:00:00 2001
From: yihaoDeng <luomoxyz@126.com>
Date: Wed, 4 Dec 2024 14:38:16 +0800
Subject: [PATCH] Replace unsafe memory functions with safe versions

---
 source/os/src/osString.c         |   7 +
 source/os/test/osStringTests.cpp | 430 +++++++++++++++++++++++++++++++
 2 files changed, 437 insertions(+)

diff --git a/source/os/src/osString.c b/source/os/src/osString.c
index f6de06f4e9..9a681d9d75 100644
--- a/source/os/src/osString.c
+++ b/source/os/src/osString.c
@@ -120,6 +120,7 @@ int32_t taosStr2int64(const char *str, int64_t *val) {
   if (str == NULL || val == NULL) {
     return TSDB_CODE_INVALID_PARA;
   }
+  errno = 0;
   char   *endptr = NULL;
   int64_t ret = strtoll(str, &endptr, 10);
   if (errno == ERANGE && (ret == LLONG_MAX || ret == LLONG_MIN)) {
@@ -127,6 +128,9 @@ int32_t taosStr2int64(const char *str, int64_t *val) {
   } else if (errno == EINVAL && ret == 0) {
     return TSDB_CODE_INVALID_PARA;
   } else {
+    if (endptr == str) {
+      return TSDB_CODE_INVALID_PARA;
+    }
     *val = ret;
     return 0;
   }
@@ -187,6 +191,9 @@ int32_t taosStr2Uint64(const char *str, uint64_t *val) {
   } else if (errno == EINVAL && ret == 0) {
     return TSDB_CODE_INVALID_PARA;
   } else {
+    if (str == endptr) {
+      return TSDB_CODE_INVALID_PARA;
+    }
     *val = ret;
     return 0;
   }
diff --git a/source/os/test/osStringTests.cpp b/source/os/test/osStringTests.cpp
index de07d21959..d4ab6a097f 100644
--- a/source/os/test/osStringTests.cpp
+++ b/source/os/test/osStringTests.cpp
@@ -154,3 +154,433 @@ TEST(osStringTests, ostsnprintfTests) {
     EXPECT_EQ(ret, 11);
     EXPECT_STREQ(buffer, "Float: 3.14");
 }
+TEST(osStringTests, osStr2Int64) {
+    int64_t val;
+    int32_t result;
+
+    // 测试空指针输入
+    result = taosStr2int64(NULL, &val);
+    assert(result == TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2int64("123", NULL);
+    assert(result == TSDB_CODE_INVALID_PARA);
+
+    // 测试无效输入
+    result = taosStr2int64("abc", &val);
+    assert(result == TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2int64("", &val);
+    assert(result == TSDB_CODE_INVALID_PARA);
+   char large_num[50];
+    snprintf(large_num, sizeof(large_num), "%lld", LLONG_MAX);
+    result = taosStr2int64(large_num, &val);
+    assert(result == 0);
+    assert(val == LLONG_MAX);
+
+    snprintf(large_num, sizeof(large_num), "%lld", LLONG_MIN);
+    result = taosStr2int64(large_num, &val);
+    assert(result == 0);
+    assert(val == LLONG_MIN);
+
+    // 测试有效的整数字符串
+    result = taosStr2int64("12345", &val);
+    assert(result == 0);
+    assert(val == 12345);
+
+    result = taosStr2int64("-12345", &val);
+    assert(result == 0);
+    assert(val == -12345);
+
+    result = taosStr2int64("0", &val);
+    assert(result == 0);
+    assert(val == 0);
+
+    // 测试带空格的字符串
+    result = taosStr2int64("  12345", &val);
+    assert(result == 0);
+    assert(val == 12345);
+
+    result = taosStr2int64("12345  ", &val);
+    assert(result == 0);
+    assert(val == 12345);
+}
+TEST(osStringTests, osStr2int32) {
+    int32_t val;
+    int32_t result;
+
+    // 测试空指针输入
+    result = taosStr2int32(NULL, &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2int32("123", NULL);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试无效输入
+    result = taosStr2int32("abc", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2int32("", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试超出范围的值
+    char large_num[50];
+    snprintf(large_num, sizeof(large_num), "%d", INT_MAX);
+     result = taosStr2int32(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, INT_MAX);
+
+    snprintf(large_num, sizeof(large_num), "%d", INT_MIN);
+    result = taosStr2int32(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, INT_MIN);
+
+     // 测试大于 INT32 范围的值
+    snprintf(large_num, sizeof(large_num), "%lld", (long long)INT_MAX + 1);
+    result = taosStr2int32(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    snprintf(large_num, sizeof(large_num), "%lld", (long long)INT_MIN - 1);
+    result = taosStr2int32(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    
+
+    // 测试有效的整数字符串
+    result = taosStr2int32("12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2int32("-12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, -12345);
+
+    result = taosStr2int32("0", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 0);
+
+    // 测试带空格的字符串
+    result = taosStr2int32("  12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2int32("12345  ", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+}
+
+TEST(osStringTests, taosStr2int16) {
+    int16_t val;
+    int32_t result;
+
+    // 测试空指针输入
+    result = taosStr2int16(NULL, &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2int16("123", NULL);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试无效输入
+    result = taosStr2int16("abc", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2int16("", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试超出范围的值
+    char large_num[50];
+    snprintf(large_num, sizeof(large_num), "%d", INT16_MAX);
+    result = taosStr2int16(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, INT16_MAX);
+
+    snprintf(large_num, sizeof(large_num), "%d", INT16_MIN);
+    result = taosStr2int16(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, INT16_MIN);
+
+    // 测试大于 INT16 范围的值
+    snprintf(large_num, sizeof(large_num), "%lld", (long long)INT16_MAX + 1);
+    result = taosStr2int16(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    snprintf(large_num, sizeof(large_num), "%lld", (long long)INT16_MIN - 1);
+    result = taosStr2int16(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    // 测试有效的整数字符串
+    result = taosStr2int16("12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2int16("-12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, -12345);
+
+    result = taosStr2int16("0", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 0);
+
+    // 测试带空格的字符串
+    result = taosStr2int16("  12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2int16("12345  ", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+}
+
+
+TEST(osStringTests, taosStr2int8) {
+    int8_t val;
+    int32_t result;
+
+    // 测试空指针输入
+    result = taosStr2int8(NULL, &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2int8("123", NULL);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试无效输入
+    result = taosStr2int8("abc", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2int8("", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试超出范围的值
+    char large_num[50];
+    snprintf(large_num, sizeof(large_num), "%d", INT8_MAX);
+    result = taosStr2int8(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, INT8_MAX);
+
+    snprintf(large_num, sizeof(large_num), "%d", INT8_MIN);
+    result = taosStr2int8(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, INT8_MIN);
+
+    // 测试大于 INT8 范围的值
+    snprintf(large_num, sizeof(large_num), "%lld", (long long)INT8_MAX + 1);
+    result = taosStr2int8(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    snprintf(large_num, sizeof(large_num), "%lld", (long long)INT8_MIN - 1);
+    result = taosStr2int8(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    // 测试有效的整数字符串
+    result = taosStr2int8("123", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 123);
+
+    result = taosStr2int8("-123", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, -123);
+
+    result = taosStr2int8("0", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 0);
+
+    // 测试带空格的字符串
+    result = taosStr2int8("  123", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 123);
+
+    result = taosStr2int8("123  ", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 123);
+}
+
+TEST(osStringTests, osStr2Uint64) {
+   uint64_t val;
+    int32_t result;
+
+    // 测试空指针输入
+    result = taosStr2Uint64(NULL, &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2Uint64("123", NULL);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试无效输入
+    result = taosStr2Uint64("abc", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2Uint64("", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    char large_num[50];
+    snprintf(large_num, sizeof(large_num), "%llu", ULLONG_MAX);
+    result = taosStr2Uint64(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, ULLONG_MAX);
+
+    // 测试有效的整数字符串
+    result = taosStr2Uint64("12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2Uint64("0", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 0);
+
+    // 测试带空格的字符串
+    result = taosStr2Uint64("  12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2Uint64("12345  ", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+}
+
+TEST(osStringTests, taosStr2Uint32) {
+    uint32_t val;
+    int32_t result;
+
+    // 测试空指针输入
+    result = taosStr2Uint32(NULL, &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2Uint32("123", NULL);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试无效输入
+    result = taosStr2Uint32("abc", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2Uint32("", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试超出范围的值
+    char large_num[50];
+    snprintf(large_num, sizeof(large_num), "%u", UINT32_MAX);
+    result = taosStr2Uint32(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, UINT32_MAX);
+
+    // 测试大于 UINT32 范围的值
+    snprintf(large_num, sizeof(large_num), "%llu", (unsigned long long)UINT32_MAX + 1);
+    result = taosStr2Uint32(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    // 测试有效的整数字符串
+    result = taosStr2Uint32("12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2Uint32("0", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 0);
+
+    // 测试带空格的字符串
+    result = taosStr2Uint32("  12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2Uint32("12345  ", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+}
+
+TEST(osStringTests, taosStr2Uint16) {
+    uint16_t val;
+    int32_t result;
+
+    // 测试空指针输入
+    result = taosStr2Uint16(NULL, &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2Uint16("123", NULL);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试无效输入
+    result = taosStr2Uint16("abc", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2Uint16("", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试超出范围的值
+    char large_num[50];
+    snprintf(large_num, sizeof(large_num), "%u", UINT16_MAX);
+    result = taosStr2Uint16(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, UINT16_MAX);
+
+    // 测试大于 UINT16 范围的值
+    snprintf(large_num, sizeof(large_num), "%llu", (unsigned long long)UINT16_MAX + 1);
+    result = taosStr2Uint16(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    // 测试有效的整数字符串
+    result = taosStr2Uint16("12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2Uint16("0", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 0);
+
+    // 测试带空格的字符串
+    result = taosStr2Uint16("  12345", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+
+    result = taosStr2Uint16("12345  ", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 12345);
+}
+
+TEST(osStringTests, taosStr2Uint8) {
+    uint8_t val;
+    int32_t result;
+
+    // 测试空指针输入
+    result = taosStr2Uint8(NULL, &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2Uint8("123", NULL);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试无效输入
+    result = taosStr2Uint8("abc", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    result = taosStr2Uint8("", &val);
+    ASSERT_EQ(result, TSDB_CODE_INVALID_PARA);
+
+    // 测试超出范围的值
+    char large_num[50];
+    snprintf(large_num, sizeof(large_num), "%u", UINT8_MAX);
+    result = taosStr2Uint8(large_num, &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, UINT8_MAX);
+
+    // 测试大于 UINT8 范围的值
+    snprintf(large_num, sizeof(large_num), "%llu", (unsigned long long)UINT8_MAX + 1);
+    result = taosStr2Uint8(large_num, &val);
+    ASSERT_EQ(result, TAOS_SYSTEM_ERROR(ERANGE));
+
+    // 测试有效的整数字符串
+    result = taosStr2Uint8("123", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 123);
+
+    result = taosStr2Uint8("0", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 0);
+
+    // 测试带空格的字符串
+    result = taosStr2Uint8("  123", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 123);
+
+    result = taosStr2Uint8("123  ", &val);
+    ASSERT_EQ(result, 0);
+    ASSERT_EQ(val, 123);
+}
+