No way to parse integers in C (2022)
- #standard library
- #integer parsing
- #C programming
- The C standard library lacks reliable functions for parsing strings into numbers, with all methods having significant flaws.
- atol() is unsafe due to undefined behavior on overflow and inability to indicate errors, making it unusable for untrusted input.
- strtol() can be used correctly for signed numbers with careful error checking, but strtoul() fails for unsigned numbers because it accepts negative input instead of rejecting it.
- sscanf() is unreliable for unsigned long parsing as it cannot distinguish between valid and overflow values, such as confusing -1 with ULONG_MAX.
- C++'s std::stoul() and std::istringstream have similar issues, but std::from_chars provides a correct solution for parsing integers without unwanted sign handling.
- A workaround for unsigned parsing in C involves using strtol() to detect negatives and then strtoul(), but it remains limited for upper-half unsigned values.
- The article emphasizes the importance of error-checking in parsing APIs and suggests writing custom parsers for unsigned long when full range is needed.
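
A custom parser of the kind the last point suggests, as an added example (not code from the article): `parse_ulong` is a hypothetical name, it accepts only plain base-10 digits, and the inputs in `main` are constructed to contrast it with `strtoul()`.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* parse_ulong: hypothetical helper for this added example.
 * Accepts base-10 digits only: no sign, no whitespace, no trailing bytes.
 * Returns true and stores the value in *out on success. On failure returns
 * false with errno = EINVAL (malformed) or ERANGE (overflow); *out untouched. */
bool parse_ulong(const char *s, unsigned long *out)
{
    if (s == NULL || out == NULL || *s == '\0') {
        errno = EINVAL;
        return false;
    }
    unsigned long v = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p < '0' || *p > '9') {      /* rejects '-', '+', ' ', 'x', ... */
            errno = EINVAL;
            return false;
        }
        unsigned long d = (unsigned long)(*p - '0');
        /* Check before multiplying: v * 10 + d must not exceed ULONG_MAX. */
        if (v > (ULONG_MAX - d) / 10) {
            errno = ERANGE;
            return false;
        }
        v = v * 10 + d;
    }
    *out = v;
    return true;
}

int main(void)
{
    /* Constructed inputs: one valid value, then cases strtoul() lets through. */
    const char *inputs[] = { "42", "-1", " 7", "12abc", "" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        unsigned long v = 0;
        unsigned long lib = strtoul(inputs[i], NULL, 10);
        bool ok = parse_ulong(inputs[i], &v);
        printf("\"%s\": strtoul=%lu parse_ulong=%s\n",
               inputs[i], lib, ok ? "accepted" : "rejected");
    }
    return 0;
}
```

Because every character is checked against the digit range, the full range up to ULONG_MAX parses while a leading minus sign is an error rather than a silent wrap.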