[PATCH] tools/sched_ext: fix strtoul() misuse in scx_hotplug_seq()

Next message: Werner Sembach: "Re: [PATCH v2 1/4] platform/x86/uniwill: uniwill-laptop: Rework hwmon feature defines"
Previous message: Rafael J. Wysocki: "Re: [RFC v1 0/8] acpi/x86: s2idle: Introduce and implement runtime standby ABI for ACPI s0ix platforms"
In reply to: Tejun Heo: "Re: [PATCH] tools/sched_ext: fix strtoul() misuse in scx_hotplug_seq()"
Next in thread: Tejun Heo: "Re: [PATCH] tools/sched_ext: fix strtoul() misuse in scx_hotplug_seq()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Carlier

Date: Fri Feb 27 2026 - 13:43:22 EST

scx_hotplug_seq() uses strtoul() but validates the result with a
negative check (val < 0), which can never be true for an unsigned
return value.

Use the endptr mechanism to verify the entire string was consumed,
and check errno == ERANGE for overflow detection.

Signed-off-by: David Carlier <devnexen@xxxxxxxxx>
---
tools/sched_ext/include/scx/compat.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/sched_ext/include/scx/compat.h b/tools/sched_ext/include/scx/compat.h
index 8b4897fc8b99..edccc99c7294 100644
--- a/tools/sched_ext/include/scx/compat.h
+++ b/tools/sched_ext/include/scx/compat.h
@@ -125,6 +125,7 @@ static inline long scx_hotplug_seq(void)
{
int fd;
char buf[32];
+ char *endptr;
ssize_t len;
long val;

@@ -137,8 +138,10 @@ static inline long scx_hotplug_seq(void)
buf[len] = 0;
close(fd);

- val = strtoul(buf, NULL, 10);
- SCX_BUG_ON(val < 0, "invalid num hotplug events: %lu", val);
+ errno = 0;
+ val = strtoul(buf, &endptr, 10);
+ SCX_BUG_ON(errno == ERANGE || endptr == buf ||
+ (*endptr != '\n' && *endptr != '\0'), "invalid num hotplug events: %ld", val);

return val;
}
--
2.51.0