Parsing Integers in C
10 days ago
- #parsing
- #security
- #libc
- atoi() and atol() are basic but error-prone functions for converting ASCII numbers to integers: they have no overflow checks and do not behave reliably across platforms.
- strtol() and its variants offer more capabilities, such as overflow detection, but still have issues with whitespace handling and platform dependency.
- The curl project emphasizes strict parsing for security and functionality, rejecting incorrect data and ensuring exact number parsing with overflow checks.
- curlx_str_number() is a custom function in curl for strict number parsing, disallowing whitespace and prefixes, and ensuring 64-bit support with max value checks.
- As of November 12, 2025, curl has removed all weak function calls like atoi() and strtol() from its source code, enhancing security and strictness.
- The 'curlx' prefix denotes functions shared between libcurl and the curl tool, reducing code duplication without exposing them in the libcurl API.
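
The strict rules summarized above (digits only, no whitespace or prefixes, 64-bit range, caller-supplied maximum) can be sketched as follows. This is an added example, not curl's source code: `strict_u64()`, `strict_whole()` and the `NUM_*` codes are hypothetical names, and the inputs in `main()` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example; strict_u64() and strict_whole() are hypothetical names. */
enum { NUM_OK, NUM_NO_DIGIT, NUM_OVERFLOW, NUM_TRAILING };

/* Parse decimal digits at *sp; no whitespace, sign or 0x prefix accepted.
   Values above max are rejected. On success *sp points past the digits. */
static int strict_u64(const char **sp, uint64_t *out, uint64_t max)
{
  const char *p = *sp;
  uint64_t n = 0;
  if(*p < '0' || *p > '9')
    return NUM_NO_DIGIT;
  for(; *p >= '0' && *p <= '9'; p++) {
    uint64_t d = (uint64_t)(*p - '0');
    /* would n * 10 + d exceed max? checked without overflowing */
    if(d > max || n > (max - d) / 10)
      return NUM_OVERFLOW;
    n = n * 10 + d;
  }
  *out = n;
  *sp = p;
  return NUM_OK;
}

/* Accept only if the whole string is the number; *out is set on success. */
static int strict_whole(const char *s, uint64_t *out, uint64_t max)
{
  uint64_t n = 0;
  int rc = strict_u64(&s, &n, max);
  if(rc != NUM_OK)
    return rc;
  if(*s != '\0')
    return NUM_TRAILING;
  *out = n;
  return NUM_OK;
}

int main(void)
{
  /* constructed inputs: a port-like field limited to 65535 */
  const char *in[] = { "8080", " 8080", "+8080", "0x50", "65536", "80 " };
  for(size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
    uint64_t v = 0;
    int rc = strict_whole(in[i], &v, 65535);
    printf("\"%s\": strtol=%ld strict rc=%d value=%llu\n", in[i],
           strtol(in[i], NULL, 10), rc, (unsigned long long)v);
  }
  return 0;
}
```

Only the first input is accepted by the strict parser, while `strtol()` returns a number for every one of them.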