Skip to content

[CODE HEALTH] Fix clang-tidy bugprone-unchecked-string-to-number-conversion warnings#4216

Merged
marcalff merged 2 commits into
open-telemetry:mainfrom
thc1006:codehealth/unchecked-string-to-number
Jul 7, 2026
Merged

[CODE HEALTH] Fix clang-tidy bugprone-unchecked-string-to-number-conversion warnings#4216
marcalff merged 2 commits into
open-telemetry:mainfrom
thc1006:codehealth/unchecked-string-to-number

Conversation

@thc1006

@thc1006 thc1006 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Changes

Resolves the bugprone-unchecked-string-to-number-conversion warnings (part of #2053) by replacing unchecked atoi/sscanf calls with strtol, as the check recommends.

  • 8 atoi call sites switched to strtol (with an explicit cast that preserves the original result type, so no narrowing-conversion warning is introduced). <cstdlib> is added to the two ext/http headers that now use strtol directly.
  • 1 sscanf site in configuration_parser.cc is annotated with NOLINTNEXTLINE, since its return count is already validated on the next line (a strtol rewrite would be redundant there).

No behavior change: atoi(s) and strtol(s, nullptr, 10) parse identically for valid input.

Verification

  • Affected example/test/sdk targets compile and link (clang-22); a local clang-tidy run confirms the 9 warnings are resolved with no new warnings introduced.
  • clang-format clean on all changed files.
  • The warning_limit in .github/workflows/clang-tidy.yaml is lowered from 309/319 to 300/310 (the current CI baseline minus the 9 resolved).

Copilot AI review requested due to automatic review settings July 6, 2026 15:58
@thc1006 thc1006 requested a review from a team as a code owner July 6, 2026 15:58

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@marcalff marcalff left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the fix.

@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 55.55556% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.83%. Comparing base (4d09399) to head (5dd6ad0).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...nclude/opentelemetry/ext/http/server/http_server.h 55.56% 4 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4216      +/-   ##
==========================================
- Coverage   82.83%   82.83%   -0.00%     
==========================================
  Files         415      415              
  Lines       17423    17431       +8     
==========================================
+ Hits        14431    14437       +6     
- Misses       2992     2994       +2     
Files with missing lines Coverage Δ
...clude/opentelemetry/ext/http/server/socket_tools.h 94.00% <ø> (ø)
sdk/src/configuration/configuration_parser.cc 77.65% <ø> (ø)
...nclude/opentelemetry/ext/http/server/http_server.h 65.83% <55.56%> (-0.32%) ⬇️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dbarker dbarker left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR! Please see comment below for a minor change.

Comment thread examples/grpc/client.cc Outdated
@thc1006 thc1006 force-pushed the codehealth/unchecked-string-to-number branch from 1f6ec12 to 19ee370 Compare July 6, 2026 22:42
@thc1006 thc1006 requested a review from dbarker July 6, 2026 22:42
@thc1006 thc1006 force-pushed the codehealth/unchecked-string-to-number branch from 19ee370 to b267168 Compare July 6, 2026 22:46
@thc1006

thc1006 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Done. Applied it to all the strtol calls in the PR (not just this line) so they stay consistent, and switched those files from <stdlib.h> to <cstdlib> since that is the header that declares std::strtol.

@dbarker dbarker left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the cleanup. Approved, with some optional suggestions for this PR since the old behavior is retained.

if (colon)
{
inet4.sin_port = htons(atoi(colon + 1));
inet4.sin_port = htons(static_cast<uint16_t>(std::strtol(colon + 1, nullptr, 10)));

@dbarker dbarker Jul 6, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider adding a check for a valid port (errno, end ptr, returned value in range) before casting to uint16_t

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added, thanks. It now checks errno, the end pointer, and the 0-65535 range, and falls back to 0 if any of those fail.

if (contentLength != conn.request.headers.end())
{
conn.contentLength = atoi(contentLength->second.c_str());
conn.contentLength =

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider adding a check for a valid return from std::strtol before casting and setting content length. Can be a follow up PR.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done here rather than a follow-up. It now checks errno and the end pointer and rejects a negative value with 400 Bad Request. I left trailing characters after a valid number tolerated, since the header value parser does not strip trailing whitespace and I did not want to reject something like 100 .

…ersion warnings

Replace unchecked atoi/sscanf calls with std::strtol across 8 sites (explicit
casts preserve the original result type, so no narrowing warning is
introduced), and NOLINT the one sscanf whose return count is already
validated. Lower the clang-tidy warning_limit accordingly.

The two ext/http server sites that parse untrusted input (the address port in
socket_tools.h and Content-Length in http_server.h) now validate the
std::strtol result (errno, end pointer, and range) before use; an invalid
Content-Length is answered with 400 Bad Request. Part of open-telemetry#2053.

Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com>
@thc1006 thc1006 force-pushed the codehealth/unchecked-string-to-number branch from b267168 to 724f289 Compare July 6, 2026 23:26
@marcalff marcalff merged commit db83a82 into open-telemetry:main Jul 7, 2026
72 checks passed
@thc1006 thc1006 deleted the codehealth/unchecked-string-to-number branch July 7, 2026 11:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants