[PATCH v4 1/7] parse: fix off-by-one for minimum signed values

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Patrick Steinhardt <ps@pks.im>
To: git@vger.kernel.org
Cc: "John Paul Adrian Glaubitz" <glaubitz@physik.fu-berlin.de>,
	"Todd Zullinger" <tmz@pobox.com>, "René Scharfe" <l.s.r@web.de>,
	"SZEDER Gábor" <szeder.dev@gmail.com>,
	"Derrick Stolee" <stolee@gmail.com>, "Jeff King" <peff@peff.net>,
	"Phillip Wood" <phillip.wood123@gmail.com>
Subject: [PATCH v4 1/7] parse: fix off-by-one for minimum signed values
Date: Thu, 17 Apr 2025 12:49:36 +0200	[thread overview]
Message-ID: <20250417-b4-pks-parse-options-integers-v4-1-9cbc76b61cfe@pks.im> (raw)
In-Reply-To: <20250417-b4-pks-parse-options-integers-v4-0-9cbc76b61cfe@pks.im>

We accept a maximum value in `git_parse_signed()` that restricts the
range of accepted integers. As the intent is to pass `INT*_MAX` values
here, this maximum doesn't only act as the upper bound, but also as the
implicit lower bound of the accepted range.

This lower bound is calculated by negating the maximum. But given that
the maximum value of a signed integer with N bits is `2^(N-1)-1` whereas
the minimum value is `-2^(N-1)` we have an off-by-one error in the lower
bound.

Fix this off-by-one error by using `-max - 1` as lower bound instead.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
 parse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/parse.c b/parse.c
index 7a60a4f816c..3c47448ca67 100644
--- a/parse.c
+++ b/parse.c
@@ -38,7 +38,7 @@ int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
 			errno = EINVAL;
 			return 0;
 		}
-		if ((val < 0 && -max / factor > val) ||
+		if ((val < 0 && (-max - 1) / factor > val) ||
 		    (val > 0 && max / factor < val)) {
 			errno = ERANGE;
 			return 0;

-- 
2.49.0.805.g082f7c87e0.dirty

next prev parent reply	other threads:[~2025-04-17 10:49 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-01 15:01 [PATCH 0/5] parse-options: harden handling of integer values Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 1/5] global: use designated initializers for options Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 2/5] parse-options: introduce precision handling for `OPTION_INTEGER` Patrick Steinhardt
2025-04-01 18:47   ` René Scharfe
2025-04-15 10:26     ` Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 3/5] parse-options: introduce precision handling for `OPTION_MAGNITUDE` Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 4/5] parse-options: introduce `OPTION_UNSIGNED` Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 5/5] parse-options: detect mismatches in integer signedness Patrick Steinhardt
2025-04-15 12:14 ` [PATCH v2 0/5] parse-options: harden handling of integer values Patrick Steinhardt
2025-04-15 12:14   ` [PATCH v2 1/5] global: use designated initializers for options Patrick Steinhardt
2025-04-15 12:14   ` [PATCH v2 2/5] parse-options: introduce precision handling for `OPTION_INTEGER` Patrick Steinhardt
2025-04-15 15:51     ` Phillip Wood
2025-04-16 10:28       ` Patrick Steinhardt
2025-04-15 16:59     ` Junio C Hamano
2025-04-16 10:28       ` Patrick Steinhardt
2025-04-15 12:14   ` [PATCH v2 3/5] parse-options: introduce precision handling for `OPTION_MAGNITUDE` Patrick Steinhardt
2025-04-15 12:14   ` [PATCH v2 4/5] parse-options: introduce `OPTION_UNSIGNED` Patrick Steinhardt
2025-04-15 15:52     ` Phillip Wood
2025-04-16 10:27       ` Patrick Steinhardt
2025-04-16 13:31         ` phillip.wood123
2025-04-15 17:38     ` René Scharfe
2025-04-16 10:28       ` Patrick Steinhardt
2025-04-15 12:14   ` [PATCH v2 5/5] parse-options: detect mismatches in integer signedness Patrick Steinhardt
2025-04-15 17:02     ` Junio C Hamano
2025-04-16 10:02 ` [PATCH v3 0/7] parse-options: harden handling of integer values Patrick Steinhardt
2025-04-16 10:02   ` [PATCH v3 1/7] global: use designated initializers for options Patrick Steinhardt
2025-04-16 10:02   ` [PATCH v3 2/7] parse-options: check for overflow when parsing integers Patrick Steinhardt
2025-04-16 10:02   ` [PATCH v3 3/7] parse-options: introduce precision handling for `OPTION_INTEGER` Patrick Steinhardt
2025-04-16 17:29     ` Junio C Hamano
2025-04-16 10:02   ` [PATCH v3 4/7] parse-options: introduce precision handling for `OPTION_MAGNITUDE` Patrick Steinhardt
2025-04-16 10:02   ` [PATCH v3 5/7] parse-options: introduce `OPTION_UNSIGNED` Patrick Steinhardt
2025-04-16 18:50     ` Junio C Hamano
2025-04-17  8:15       ` Patrick Steinhardt
2025-04-16 10:02   ` [PATCH v3 6/7] parse-options: detect mismatches in integer signedness Patrick Steinhardt
2025-04-16 10:02   ` [PATCH v3 7/7] parse-options: introduce bounded integer options Patrick Steinhardt
2025-04-16 19:19     ` Junio C Hamano
2025-04-17  8:14       ` Patrick Steinhardt
2025-04-17 10:49 ` [PATCH v4 0/7] parse-options: harden handling of integer values Patrick Steinhardt
2025-04-17 10:49   ` Patrick Steinhardt [this message]
2025-04-17 10:49   ` [PATCH v4 2/7] global: use designated initializers for options Patrick Steinhardt
2025-04-17 10:49   ` [PATCH v4 3/7] parse-options: support unit factors in `OPT_INTEGER()` Patrick Steinhardt
2025-04-17 10:49   ` [PATCH v4 4/7] parse-options: rename `OPT_MAGNITUDE()` to `OPT_UNSIGNED()` Patrick Steinhardt
2025-04-17 15:17     ` Junio C Hamano
2025-04-17 10:49   ` [PATCH v4 5/7] parse-options: introduce precision handling for `OPTION_INTEGER` Patrick Steinhardt
2025-04-17 10:49   ` [PATCH v4 6/7] parse-options: introduce precision handling for `OPTION_UNSIGNED` Patrick Steinhardt
2025-04-17 10:49   ` [PATCH v4 7/7] parse-options: detect mismatches in integer signedness Patrick Steinhardt

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7a60a4f816 dfblob:3c47448ca6 )
 OR (
bs:"[PATCH v4 1/7] parse: fix off-by-one for minimum signed values" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250417-b4-pks-parse-options-integers-v4-1-9cbc76b61cfe@pks.im \
    --to=ps@pks.im \
    --cc=git@vger.kernel.org \
    --cc=glaubitz@physik.fu-berlin.de \
    --cc=l.s.r@web.de \
    --cc=peff@peff.net \
    --cc=phillip.wood123@gmail.com \
    --cc=stolee@gmail.com \
    --cc=szeder.dev@gmail.com \
    --cc=tmz@pobox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).