Parsing Integers in C

https://daniel.haxx.se/blog/2025/11/13/parsing-integers-in-c/

51•8organicbits•2mo ago

Comments

johnisgood•2mo ago

Quick link to the code: https://github.com/curl/curl/blob/3d42510118a9eba12a0d3cd4e2...

piker•2mo ago

"I think we in the curl project as well as more or less the entire world has learned through the years that it is usually better to be strict when parsing protocols and data, rather than be lenient and try to accept many things and guess what it otherwise maybe meant."

Found this explicit rejection of the Robustness principle[1] fascinating. It comes after decades of cURL operating in the environment that was an ostensible poster child for the benefits of the principle--i.e., HTML over HTTP.

[1] https://en.wikipedia.org/wiki/Robustness_principle

jesse__•2mo ago

The more experienced I get, the more I've started to think that most of the 'principals', 'patterns' and 'best practices' tossed around in the industry are mostly bullshit.

Be attentive to the classes of bugs you (and your team) produce, and act accordingly to correct those.

DannyB2•2mo ago

Being liberal in what you accept is fine, as long as what you accept is precisely documented. But then, is that actually "being liberal"?

Better advice is to not do something unexpected -- even if that unexpected result is clearly documented, but someone did not read it.

trollbridge•2mo ago

I disagree with the robustness principle. Be strict in what you accept - require them to meet the spec.

Quekid5•2mo ago

I think it's been a commonly held opinion in security circles for at least 15+ years that the Robustness principle is generally counterproductive to security. It (almost inevitably) leads to unexpected interactions between different systems which, ultimately, allow for Weird Machines to be constructed.

An argument can be made that it was instrumental in bootstrapping the early Internet, but it's not really necessary these days. People should know what they're doing 35+ years on.

It is usually better to just state fully formally up front what is acceptable and reject anything else out of hand. Of course some stuff does need dynamic checks, e.g. ACLs and such, but that's fine... rejecting "iffy" input before we get to that stage doesn't interfere with that.

0manrho•2mo ago

> I think it's been a commonly held opinion in security circles for at least 15+ years that the Robustness principle is generally counterproductive to security

Well yes, that's because people have been misapplying and misunderstanding it. The original idea was predicated on the concept of "assume that the network is filled with malevolent entities that will send in packets designed to have the worst possible effect"

But then the Fail Fast, Fail Often stupidity started spreading like wildfire and companies realized that the consequence for data breaches or other security failures was an acceptable cost of doing business (even if not always true) vs the cost of actually paying devs and sec teams to implement things properly and people kinda lost the plot on it. They just focused on the "be liberal in what you accept" part, went "Wow! That makes thing easy" and maybe only checked for the most common potential abuses/failure/exploit modes, if they bothered at all and only patched things retroactively as issues and exploits popped up in the wild.

Doing it correctly, like building anything robust and/or secure, is a non-trivial task.

recursivecaveat•2mo ago

The robustness principle is locally optimal. If you want your software to not crash for users, then yes you should just silently correct weird inputs and you should make sure your outputs are following everyone else's happy paths. If you want a globally optimal ecosystem of reliable and predictable behaviour then you want everyone rejecting non-conforming inputs and outputing data that hits all the edge cases of the formats to shake out non-compliant servers.

Joker_vD•2mo ago

The strtoul()/strtoull() also have a somewhat strange semantics regarding the leading '-': it will apply it to the (unsigned) result, so e.g strtoul("-40", ...) happily returns 18446744073709551576.

Also, the wording of the standard suggests that using strtol()/strtoll() to parse the string representation of LONG_MIN/LLONG_MIN is UB, since it kinda has to go through un-negated LONG_MAX+1/LLONG_MAX+1 which can't be represented in the return type?

BobbyTables2•2mo ago

I find handling of “-“ (and “+”) on an unsigned integer utterly bizarre.

Words no longer have meaning.

leopoldj•2mo ago

Somewhat related, if you are on a C++ project, please consider std::from_chars. It's non-allocating and non-throwing. Works with non-NULL terminated strings.

https://mobiarch.wordpress.com/2022/12/12/string-to-number-c...

eska•2mo ago

TFA says performance might be worse, but it’s easy to beat libc because it supports different formats etc that you don’t need. Float parsing is tough to beat, but only if you want perfect precision for the full range. If you just parse millions of physical distance measurements from some csv you don’t have such issues either.

Will Future Generations Think We're Gross?

Kernel Key Retention Service

State Department will delete Xitter posts from before Trump returned to office

Show HN: Verifiable server roundtrip demo for a decision interruption system

Impl Rust – Avro IDL Tool in Rust via Antlr

Stories from 25 Years of Software Development

minikeyvalue

Neomacs: GPU-accelerated Emacs with inline video, WebKit, and terminal via wgpu

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

How I grow my X presence?

What's the cost of the most expensive Super Bowl ad slot?

What if you just did a startup instead?

Hacking up your own shell completion (2020)

Show HN: Gorse 0.5 – Open-source recommender system with visual workflow editor

GLM-OCR: Accurate × Fast × Comprehensive

Local Agent Bench: Test 11 small LLMs on tool-calling judgment, on CPU, no GPU

Show HN: AboutMyProject – A public log for developer proof-of-work

Expertise, AI and Work of Future [video]

So Long to Cheap Books You Could Fit in Your Pocket

PID Controller

SpaceX Rocket Generates 100GW of Power, or 20% of US Electricity

Kubernetes MCP Server

I Built a Movie Recommendation Agent to Solve Movie Nights with My Wife

What were the first animals? The fierce sponge–jelly battle that just won't end

Sidestepping Evaluation Awareness and Anticipating Misalignment

OldMapsOnline

What It's Like to Be a Worm

Don't go to physics grad school and other cautionary tales

Lawyer sets new standard for abuse of AI; judge tosses case

AI anxiety batters software execs, costing them combined $62B: report