From: Marc Branchaud <marcnarc@xiplink.com>
To: Matthieu Moy <Matthieu.Moy@imag.fr>, gitster@pobox.com
Cc: git@vger.kernel.org, max@max630.net
Subject: Re: [PATCH] strtoul_ui: reject negative values
Date: Thu, 17 Sep 2015 11:17:21 -0400
Message-ID: <55FAD981.5080808@xiplink.com>
In-Reply-To: <1442500646-15293-1-git-send-email-Matthieu.Moy@imag.fr>
On 15-09-17 10:37 AM, Matthieu Moy wrote:
> strtoul_ui uses strtoul to get a long unsigned, then checks that casting
> to unsigned does not lose information and returns the casted value.
>
> On 64-bit architectures, checking that the cast does not change the value
> catches most errors, but when sizeof(int) == sizeof(long) (e.g. i386),
> the check does nothing. Unfortunately, strtoul silently accepts negative
> values, and as a result strtoul_ui("-1", ...) raised no error.
>
> This patch catches negative values before it's too late, i.e. before
> calling strtoul. We still silently accept very large integers that wrap
> to a valid "unsigned int".
>
> Reported-by: Max Kirillov <max@max630.net>
> Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
> ---
> So, here's a proper patch (I mean, a band-aid patch, but properly
> sent ;-) ).
>
> It should be merged before Kartik's series (or inserted at the start
> of the series) so that we get the fix before the test breakage.
>
> git-compat-util.h | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/git-compat-util.h b/git-compat-util.h
> index f649e81..1df82fa 100644
> --- a/git-compat-util.h
> +++ b/git-compat-util.h
> @@ -814,6 +814,9 @@ static inline int strtoul_ui(char const *s, int base, unsigned int *result)
> char *p;
>
> errno = 0;
> + /* negative values would be accepted by strtoul */
> + if (strchr(s, '-'))
> + return -1;

I think this is broken, in that it doesn't match strtoul's normal behaviour,
for strings like "1234-5678", no?

The test also doesn't work if the string has leading whitespace (" -5").

> ul = strtoul(s, &p, base);
> if (errno || *p || p == s || (unsigned int) ul != ul)
> return -1;
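
Review bot: the added `strchr(s, '-')` test rejects a '-' anywhere in the string, not only a sign in front of the digits, and the comment above it does not say whether that is deliberate. The existing `*p` check after `strtoul` already returns -1 for trailing non-digits, so an embedded '-' fails either way; either state that in the comment or narrow the test to the first non-whitespace character so it reads as a sign check. A test case for "-1" would document the case this fixes.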

Hmm, but we check *p here, so IIUC it's an error if the string has any
trailing non-digits. Weird.

M.
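
The behaviour discussed in this message, as an added example that is not part of the original mail or of git's code: it shows what plain `strtoul` does with "-1" and one way to refuse a sign that follows leading whitespace. `parse_uint_strict` and `strtoul_accepts_minus_one` are hypothetical names, and this is not the fix the thread settled on.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical helper, not git's strtoul_ui. Returns 0 on success, -1 on error. */
static int parse_uint_strict(const char *s, int base, unsigned int *result)
{
	const char *q = s;
	unsigned long ul;
	char *p;

	/* strtoul skips leading whitespace before an optional sign, so do the same */
	while (isspace((unsigned char)*q))
		q++;
	/* strtoul would negate the value in unsigned arithmetic; refuse a '-' sign */
	if (*q == '-')
		return -1;

	errno = 0;
	ul = strtoul(s, &p, base);
	/* range error, trailing garbage, no digits at all, or value too big for unsigned int */
	if (errno || *p || p == s || ul > UINT_MAX)
		return -1;
	*result = (unsigned int)ul;
	return 0;
}

/* Plain strtoul on "-1": consumes the whole string, returns ULONG_MAX, errno stays 0 */
static int strtoul_accepts_minus_one(void)
{
	char *p;
	unsigned long ul;

	errno = 0;
	ul = strtoul("-1", &p, 10);
	return errno == 0 && *p == '\0' && ul == ULONG_MAX;
}

int main(void)
{
	unsigned int v = 0;

	/* exit status 0 when every expectation holds */
	return !(strtoul_accepts_minus_one() &&
		 parse_uint_strict(" -5", 10, &v) == -1 &&
		 parse_uint_strict("42", 10, &v) == 0 && v == 42);
}
```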