From d2104df69b464721a17c21b4cd27931dc3bca612 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 18 Jun 2015 17:46:54 -0700
Subject: [PATCH] init/util.cpp: don't return a negative unsigned value

android_name_to_id() returns -1U on error, which causes a
crash when the following clang options are enabled:

  -fsanitize=signed-integer-overflow,unsigned-integer-overflow
  -ftrap-function=abort
  -fsanitize-undefined-trap-on-error

Rather than returning a negative unsigned value (which doesn't
make a lot of sense, IMHO), return a positive unsigned value.

While we're here, add logging on decode_uid failures.

Bug: 21880301
Change-Id: I652e4c1daa07c7494cceca2b4e1656b9158f2604
---
 init/util.cpp      | 28 ++++++++++++++++++----------
 init/util_test.cpp |  2 +-
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/init/util.cpp b/init/util.cpp
index 8216892ba..7f29e94a5 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -47,7 +47,7 @@
 
 /*
  * android_name_to_id - returns the integer uid/gid associated with the given
- * name, or -1U on error.
+ * name, or UINT_MAX on error.
  */
 static unsigned int android_name_to_id(const char *name)
 {
@@ -59,27 +59,35 @@ static unsigned int android_name_to_id(const char *name)
             return info[n].aid;
     }
 
-    return -1U;
+    return UINT_MAX;
 }
 
-/*
- * decode_uid - decodes and returns the given string, which can be either the
- * numeric or name representation, into the integer uid or gid. Returns -1U on
- * error.
- */
-unsigned int decode_uid(const char *s)
+static unsigned int do_decode_uid(const char *s)
 {
     unsigned int v;
 
     if (!s || *s == '\0')
-        return -1U;
+        return UINT_MAX;
     if (isalpha(s[0]))
         return android_name_to_id(s);
 
     errno = 0;
     v = (unsigned int) strtoul(s, 0, 0);
     if (errno)
-        return -1U;
+        return UINT_MAX;
+    return v;
+}
+
+/*
+ * decode_uid - decodes and returns the given string, which can be either the
+ * numeric or name representation, into the integer uid or gid. Returns
+ * UINT_MAX on error.
+ */
+unsigned int decode_uid(const char *s) {
+    unsigned int v = do_decode_uid(s);
+    if (v == UINT_MAX) {
+        ERROR("decode_uid: Unable to find UID for '%s'. Returning UINT_MAX\n", s);
+    }
     return v;
 }
 
diff --git a/init/util_test.cpp b/init/util_test.cpp
index 5b3ab50b2..228954b44 100644
--- a/init/util_test.cpp
+++ b/init/util_test.cpp
@@ -38,6 +38,6 @@ TEST(util, read_file_success) {
 
 TEST(util, decode_uid) {
   EXPECT_EQ(0U, decode_uid("root"));
-  EXPECT_EQ(-1U, decode_uid("toot"));
+  EXPECT_EQ(UINT_MAX, decode_uid("toot"));
   EXPECT_EQ(123U, decode_uid("123"));
 }