Re: [PATCH 1/3] git_parse_unsigned: reject negative values

[Junio C Hamano <gitster@pobox.com>]

"Phillip Wood via GitGitGadget" <gitgitgadget@gmail.com> writes:

> From: Phillip Wood <phillip.wood@dunelm.org.uk>
>
> git_parse_unsigned() relies on strtoumax() which unfortunately parses
> negative values as large positive integers. Fix this by rejecting any
> string that contains '-' as we do in strtoul_ui(). I've chosen to treat
> negative numbers as invalid input and set errno to EINVAL rather than
> ERANGE one the basis that they are never acceptable if we're looking for
> a unsigned integer.

And the code now would reject something like "43-21" because it does
not insist that "-" must be used for a sign, so it makes EINVAL
doubly appropriate, I would think.  In the original code, "43-21"
would have been parsed as "43" (by strtoumax) followed by "-" (which
is rejected by get_unit_factor() and yielded EINVAL, so this change
would not change the behaviour for such an input, if we receive
EINVAL when we see a "-".

A devil's advocate would consider if we ever want to have a unit
factor that has "-" in it (e.g. "10000e-3" == 10).  I can buy it if
we want to declare that it is not worth supporting.

> Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
> ---
>  config.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/config.c b/config.c
> index cbb5a3bab74..d5069d4f01d 100644
> --- a/config.c
> +++ b/config.c
> @@ -1193,6 +1193,11 @@ static int git_parse_unsigned(const char *value, uintmax_t *ret, uintmax_t max)
>  		uintmax_t val;
>  		uintmax_t factor;
>  
> +		/* negative values would be accepted by strtoumax */
> +		if (strchr(value, '-')) {
> +			errno = EINVAL;
> +			return 0;
> +		}
>  		errno = 0;
>  		val = strtoumax(value, &end, 0);
>  		if (errno == ERANGE)