From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: Phillip Wood via GitGitGadget <gitgitgadget@gmail.com>
Cc: git@vger.kernel.org, "René Scharfe" <l.s.r@web.de>,
"Jeff King" <peff@peff.net>,
"Phillip Wood" <phillip.wood@dunelm.org.uk>
Subject: Re: [PATCH v2 1/3] git_parse_unsigned: reject negative values
Date: Wed, 09 Nov 2022 16:57:23 +0100 [thread overview]
Message-ID: <221109.86pmdwp19z.gmgdl@evledraar.gmail.com> (raw)
In-Reply-To: <d1ac79909b9e777cae40a6a301e5cfd988c5f9d7.1668003388.git.gitgitgadget@gmail.com>
On Wed, Nov 09 2022, Phillip Wood via GitGitGadget wrote:
> From: Phillip Wood <phillip.wood@dunelm.org.uk>
>
> git_parse_unsigned() relies on strtoumax() which unfortunately parses
> negative values as large positive integers. Fix this by rejecting any
> string that contains '-' as we do in strtoul_ui(). I've chosen to treat
> negative numbers as invalid input and set errno to EINVAL rather than
> ERANGE one the basis that they are never acceptable if we're looking for
> a unsigned integer. This is also consistent with the existing behavior
> of rejecting "1–2" with EINVAL.
>
> As we do not have unit tests for this function it is tested indirectly
> by checking that negative values of reject for core.bigFileThreshold are
> rejected. As this function is also used by OPT_MAGNITUDE() a test is
> added to check that rejects negative values too.
>
> Helped-by: Jeff King <peff@peff.net>
> Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
> ---
> config.c | 5 +++++
> t/t0040-parse-options.sh | 5 +++++
> t/t1050-large.sh | 6 ++++++
> 3 files changed, 16 insertions(+)
>
> diff --git a/config.c b/config.c
> index cbb5a3bab74..d5069d4f01d 100644
> --- a/config.c
> +++ b/config.c
> @@ -1193,6 +1193,11 @@ static int git_parse_unsigned(const char *value, uintmax_t *ret, uintmax_t max)
> uintmax_t val;
> uintmax_t factor;
>
> + /* negative values would be accepted by strtoumax */
> + if (strchr(value, '-')) {
> + errno = EINVAL;
> + return 0;
> + }
> errno = 0;
> val = strtoumax(value, &end, 0);
> if (errno == ERANGE)
There's nothing wrong with this, but since the topic here is "some
issues I noticed" here's another one: We don't actually care if you set
"errno = EINVAL" here in particular, just as long as it's not "ERANGE",
anything else will do.
So, not worth a re-roll in itself, but maybe a prep patch (or follow-up)
to do this would be nice? to make sure this errno handling is
"reachable"?
diff --git a/config.c b/config.c
index ff4ea29784b..33d05fde0ea 100644
--- a/config.c
+++ b/config.c
@@ -1260,9 +1260,12 @@ NORETURN
static void die_bad_number(const char *name, const char *value)
{
const char *error_type = (errno == ERANGE) ?
- N_("out of range") : N_("invalid unit");
+ N_("out of range") : errno == EINVAL ? N_("invalid unit") : NULL;
const char *bad_numeric = N_("bad numeric config value '%s' for '%s': %s");
+ if (!error_type)
+ BUG("unhandled errno %d: %s", errno, strerror(errno));
+
if (!value)
value = "";
next prev parent reply other threads:[~2022-11-09 15:59 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-21 13:45 [PATCH 0/3] a few config integer parsing fixes Phillip Wood via GitGitGadget
2022-10-21 13:45 ` [PATCH 1/3] git_parse_unsigned: reject negative values Phillip Wood via GitGitGadget
2022-10-21 18:09 ` Junio C Hamano
2022-10-21 20:13 ` Jeff King
2022-10-22 17:54 ` Junio C Hamano
2022-10-21 13:45 ` [PATCH 2/3] config: require at least one digit when parsing numbers Phillip Wood via GitGitGadget
2022-10-21 18:19 ` Junio C Hamano
2022-10-25 9:54 ` Phillip Wood
2022-10-25 16:08 ` Junio C Hamano
2022-10-21 20:17 ` Jeff King
2022-10-22 17:51 ` Junio C Hamano
2022-10-22 20:25 ` Jeff King
2022-10-22 21:00 ` Junio C Hamano
2022-10-25 9:55 ` Phillip Wood
2022-10-21 13:45 ` [PATCH 3/3] git_parse_signed(): avoid integer overflow Phillip Wood via GitGitGadget
2022-10-21 18:31 ` Junio C Hamano
2022-10-22 8:09 ` René Scharfe
2022-10-22 16:51 ` Junio C Hamano
2022-10-23 5:57 ` René Scharfe
2022-10-25 10:00 ` Phillip Wood
2022-10-26 11:01 ` René Scharfe
2022-11-09 14:16 ` [PATCH v2 0/3] a few config integer parsing fixes Phillip Wood via GitGitGadget
2022-11-09 14:16 ` [PATCH v2 1/3] git_parse_unsigned: reject negative values Phillip Wood via GitGitGadget
2022-11-09 15:57 ` Ævar Arnfjörð Bjarmason [this message]
2022-11-09 14:16 ` [PATCH v2 2/3] config: require at least one digit when parsing numbers Phillip Wood via GitGitGadget
2022-11-09 14:16 ` [PATCH v2 3/3] git_parse_signed(): avoid integer overflow Phillip Wood via GitGitGadget
2022-11-10 2:35 ` [PATCH v2 0/3] a few config integer parsing fixes Taylor Blau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=221109.86pmdwp19z.gmgdl@evledraar.gmail.com \
--to=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=l.s.r@web.de \
--cc=peff@peff.net \
--cc=phillip.wood@dunelm.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.