Extend net/base/parse_number.h for parsing of negative numbers, and determining if there was overflo

net/base/parse_number.h

Index: net/base/parse_number.h
diff --git a/net/base/parse_number.h b/net/base/parse_number.h
index 0b88cf0435b3af69d1330c33d07acdbc11c60e52..dc66fb6d8b5e1021fe9d90eea9305194c4af273b 100644
--- a/net/base/parse_number.h
+++ b/net/base/parse_number.h
@@ -15,53 +15,100 @@
 // Q: Doesn't //base already provide these in string_number_conversions.h, with
 //    functions like base::StringToInt()?
 //
-// A: Yes, and those functions are used under the hood by these
-//    implementations.
+// A: Yes, and those functions are used under the hood by these implementations.
 //
-//    However using the number parsing functions from //base directly in network
-//    code can lead to subtle bugs, as the //base versions  are more permissive.
-//    For instance "+99" is successfully parsed by base::StringToInt().
+//    However using the base::StringTo*() has historically led to subtle bugs
+//    in the context of parsing network protocols:
 //
-//    However in the majority of places in //net, a leading plus on a number
-//    should be considered invalid. For instance when parsing a host:port pair
-//    you wouldn't want to recognize "foo:+99" as having a port of 99. The same
-//    issue applies when parsing a content-length header.
+//      * Permitting a leading '+'
+//      * Incorrectly classifying overflow/underflow from a parsing failure
+//      * Allowing negative numbers for non-negative fields
 //
-//    To reduce the risk of such problems, use of these functions over the
-//    //base versions.
+//   This API tries to avoid these problems by picking sensible defaults for
+//   //net code. For more details see crbug.com/596523.
 
 class GURL;
 
 namespace net {
 
-//  Parses a string representing a decimal number to an |int|. Returns true on
-//  success, and fills |*output| with the result. Note that  |*output| is not
-//  modified on failure.
-//
-//  Recognized inputs take the form:
-//    1*DIGIT
+// Format to use when parsing integers.
+enum class ParseIntFormat {
+  // Accepts non-negative base 10 integers of the form:
+  //
+  //    1*DIGIT
+  //
+  // This construction is used in a variety of IETF standards, such as RFC 7230
+  // (HTTP).
+  //
+  // When attempting to parse a negative number using this format, the failure
+  // will be FAILED_PARSE since it violated the expected format (and not
+  // FAILED_UNDERFLOW).
+  //
+  // Also note that inputs need not be in minimal encoding: "0003" is valid and
+  // equivalent to "3".
+  NON_NEGATIVE,
+
+  // Accept optionally negative base 10 integers of the form:
+  //
+  //    ["-"] 1*DIGIT
+  //
+  // In other words, this accepts the same things as NON_NEGATIVE, and
+  // additionally recognizes those numbers prefixed with a '-'.
+  //
+  // Note that by this defintion "-0" IS a valid input.
+  OPTIONALLY_NEGATIVE
+};
+
+// The specific reason why a ParseInt*() function failed.
+enum class ParseIntError {
+  // The parsed number couldn't fit into the provided output type because it was
+  // too high.
+  FAILED_OVERFLOW,
+
+  // The parsed number couldn't fit into the provided output type because it was
+  // too low.
+  FAILED_UNDERFLOW,
+
+  // The number failed to be parsed because it wasn't a valid decimal number (as
+  // determined by the policy).
+  FAILED_PARSE,
+};
+
+// The ParseInt*() functions parse a string representing a number.
 //
-//  Where DIGIT is an ASCII number in the range '0' - '9'
+// The format of the strings that are accepted is controlled by the |format|
+// parameter. This allows rejecting negative numbers.
 //
-//  Note that:
-//   * Parsing is locale independent
-//   * Leading zeros are allowed (numbers needn't be in minimal encoding)
-//   * Inputs that would overflow the output are rejected.
-//   * Only accepts integers
+// These functions return true on success, and fill |*output| with the result.
 //
-//  Examples of recognized inputs are:
-//    "13"
-//    "0"
-//    "00013"
+// On failure, it is guaranteed that |*output| was not modified. If
+// |optional_error| was non-null, then it is filled with the reason for the
+// failure.
+NET_EXPORT bool ParseInt32(const base::StringPiece& input,
+                           ParseIntFormat format,
+                           int32_t* output,
+                           ParseIntError* optional_error = nullptr)
+    WARN_UNUSED_RESULT;
+
+NET_EXPORT bool ParseInt64(const base::StringPiece& input,
+                           ParseIntFormat format,
+                           int64_t* output,
+                           ParseIntError* optional_error = nullptr)
+    WARN_UNUSED_RESULT;
+
+// The ParseUint*() functions parse a string representing a number.
 //
-//  Examples of rejected inputs are:
-//    "  13"
-//    "-13"
-//    "+13"
-//    "0x15"
-//    "13.3"
-NET_EXPORT bool ParseNonNegativeDecimalInt(const base::StringPiece& input,
-                                           int* output) WARN_UNUSED_RESULT;
+// These are equivalent to calling ParseInt*() with a format string of
+// ParseIntFormat::NON_NEGATIVE and unsigned output types.
+NET_EXPORT bool ParseUint32(const base::StringPiece& input,
+                            uint32_t* output,
+                            ParseIntError* optional_error = nullptr)
+    WARN_UNUSED_RESULT;
+
+NET_EXPORT bool ParseUint64(const base::StringPiece& input,
+                            uint64_t* output,
+                            ParseIntError* optional_error = nullptr)
+    WARN_UNUSED_RESULT;
 
 }  // namespace net