From d41715fc9f0050b18b8e976b92e02e86041ee448 Mon Sep 17 00:00:00 2001
From: Dave Love <dave.love@manchester.ac.uk>
Date: Sun, 14 May 2017 23:14:09 +0100
Subject: [PATCH 16/30] Use strtol, not atoi

---
 src/lib/message.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/lib/message.c b/src/lib/message.c
index 502cb454..f84537c7 100644
--- a/src/lib/message.c
+++ b/src/lib/message.c
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <stdarg.h>
 #include <syslog.h>
+#include <limits.h>
 
 #include "config.h"
 #include "util/util.h"
@@ -37,13 +38,20 @@ extern const char *__progname;
 
 void init(void) {
     char *messagelevel_string = getenv("MESSAGELEVEL"); // Flawfinder: ignore (need to get string, validation in atol())
+    char **endptr = &messagelevel_string;
+    long l;
 
     openlog("Singularity", LOG_CONS | LOG_NDELAY, LOG_LOCAL0);
 
     if ( messagelevel_string == NULL ) {
         messagelevel = 1;
     } else {
-        messagelevel = atoi(messagelevel_string); // Flawfinder: ignore
+      l = strtol(messagelevel_string, endptr, 10);
+        if (LONG_MIN == l || LONG_MAX == l || l < 0 || l > 9
+            || (*messagelevel_string != '\0' && **endptr != '\0')) {
+            singularity_message(VERBOSE, "Bad MESSAGELEVEL: %s\n", messagelevel_string);
+        }
+        messagelevel = l;
         if ( messagelevel < 0 ) {
             messagelevel = 0;
         } else if ( messagelevel > 9 ) {
-- 
2.11.0