From: Matthieu Moy <Matthieu.Moy@imag.fr>
To: gitster@pobox.com
Cc: git@vger.kernel.org, max@max630.net, Matthieu Moy <Matthieu.Moy@imag.fr>
Subject: [PATCH v2] strtoul_ui: reject negative values
Date: Thu, 17 Sep 2015 18:28:33 +0200 [thread overview]
Message-ID: <1442507313-13028-1-git-send-email-Matthieu.Moy@imag.fr> (raw)
In-Reply-To: <xmqqpp1hj9yu.fsf@gitster.mtv.corp.google.com>
strtoul_ui uses strtoul to get a long unsigned, then checks that casting
to unsigned does not lose information and return the casted value.
On 64 bits architecture, checking that the cast does not change the value
catches most errors, but when sizeof(int) == sizeof(long) (e.g. i386),
the check does nothing. Unfortunately, strtoul silently accepts negative
values, and as a result strtoul_ui("-1", ...) raised no error.
This patch catches negative values before it's too late, i.e. before
calling strtoul.
Reported-by: Max Kirillov <max@max630.net>
Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
---
Junio C Hamano <gitster@pobox.com> writes:
> Matthieu Moy <Matthieu.Moy@imag.fr> writes:
>
>> This patch catches negative values before it's too late, i.e. before
>> calling strtoul. We still silently accept very large integers that wrap
>> to a valid "unsigned int".
>
> Is the last statement correct? A very large long uint that wrap to
> uint would not fit in long uint and you would get ERANGE, no?
Indeed. strtoul happily accepts negative values, but not overly large
ones.
I removed the sentence from the message. Actually, I think we are now
accepting exactly the right interval of values.
>> It should be merged before Kartik's series (or inserted at the start
>> of the series) so that we get the fix before the test breakage.
>
> Which one of his series?
kn/for-each-tag, which uses strtoul_ui for align:<num> and
content:lines=<num>.
git-compat-util.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/git-compat-util.h b/git-compat-util.h
index f649e81..1df82fa 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -814,6 +814,9 @@ static inline int strtoul_ui(char const *s, int base, unsigned int *result)
char *p;
errno = 0;
+ /* negative values would be accepted by strtoul */
+ if (strchr(s, '-'))
+ return -1;
ul = strtoul(s, &p, base);
if (errno || *p || p == s || (unsigned int) ul != ul)
return -1;
--
2.5.0.402.g8854c44
prev parent reply other threads:[~2015-09-17 16:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-17 14:37 [PATCH] strtoul_ui: reject negative values Matthieu Moy
2015-09-17 15:17 ` Marc Branchaud
2015-09-17 15:34 ` Matthieu Moy
2015-09-17 16:12 ` Marc Branchaud
2015-09-17 16:18 ` Junio C Hamano
2015-09-17 16:28 ` Matthieu Moy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1442507313-13028-1-git-send-email-Matthieu.Moy@imag.fr \
--to=matthieu.moy@imag.fr \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=max@max630.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).