From: "René Scharfe" <l.s.r@web.de>
To: Patrick Steinhardt <ps@pks.im>, git@vger.kernel.org
Cc: "John Paul Adrian Glaubitz" <glaubitz@physik.fu-berlin.de>,
"Todd Zullinger" <tmz@pobox.com>,
"SZEDER Gábor" <szeder.dev@gmail.com>,
"Derrick Stolee" <stolee@gmail.com>, "Jeff King" <peff@peff.net>
Subject: Re: [PATCH 2/5] parse-options: introduce precision handling for `OPTION_INTEGER`
Date: Tue, 1 Apr 2025 20:47:12 +0200 [thread overview]
Message-ID: <f6c7c92b-931c-4be4-8d76-9d4ed147e983@web.de> (raw)
In-Reply-To: <20250401-b4-pks-parse-options-integers-v1-2-a628ad40c3b4@pks.im>
Am 01.04.25 um 17:01 schrieb Patrick Steinhardt:
> diff --git a/parse-options.c b/parse-options.c
> index 35fbb3b0d63..dbda9b7cfe7 100644
> --- a/parse-options.c
> +++ b/parse-options.c
> @@ -172,25 +172,50 @@ static enum parse_opt_result do_get_value(struct parse_opt_ctx_t *p,
> return (*opt->ll_callback)(p, opt, p_arg, p_unset);
> }
> case OPTION_INTEGER:
> + {
> + intmax_t upper_bound = (((intmax_t) 1 << (opt->precision * 8 - 1)) - 1);
Ugh, how does this not overflow? The macro maximum_signed_value_of_type
does a similar calculation better.
> + intmax_t lower_bound = -upper_bound - 1;
This depends on two's complement being used, which is bad for purity and
portability to obsolete machines, but probably OK in practice.
> + intmax_t value;
> +
> if (unset) {
> - *(int *)opt->value = 0;
> - return 0;
> - }
> - if (opt->flags & PARSE_OPT_OPTARG && !p->opt) {
> - *(int *)opt->value = opt->defval;
> - return 0;
> - }
> - if (get_arg(p, opt, flags, &arg))
> + value = 0;
> + } else if (opt->flags & PARSE_OPT_OPTARG && !p->opt) {
> + value = opt->defval;
> + } else if (get_arg(p, opt, flags, &arg)) {
> return -1;
> - if (!*arg)
> + } else if (!*arg) {
> return error(_("%s expects a numerical value"),
> optname(opt, flags));
> - *(int *)opt->value = strtol(arg, (char **)&s, 10);
> - if (*s)
> - return error(_("%s expects a numerical value"),
> - optname(opt, flags));
> - return 0;
> + } else {
> + value = strtoimax(arg, (char **)&s, 10);
> + if (*s)
> + return error(_("%s expects a numerical value"),
> + optname(opt, flags));
> +
> + }
>
> + if (value < lower_bound || value > upper_bound)
> + return error(_("value %"PRIdMAX" for %s not in range [%"PRIdMAX",%"PRIdMAX"]"),
> + value, optname(opt, flags), lower_bound, upper_bound);
> +
> + switch (opt->precision) {
> + case 1:
> + *(int8_t *)opt->value = value;
> + return 0;
> + case 2:
> + *(int16_t *)opt->value = value;
> + return 0;
> + case 4:
> + *(int32_t *)opt->value = value;
> + return 0;
> + case 8:
> + *(int64_t *)opt->value = value;
> + return 0;
Do we even need all these sizes? Or can we whittle it down to ssize_t?
And for which quantities do we need to accept negative values anyway?
René
next prev parent reply other threads:[~2025-04-01 18:47 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-01 15:01 [PATCH 0/5] parse-options: harden handling of integer values Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 1/5] global: use designated initializers for options Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 2/5] parse-options: introduce precision handling for `OPTION_INTEGER` Patrick Steinhardt
2025-04-01 18:47 ` René Scharfe [this message]
2025-04-15 10:26 ` Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 3/5] parse-options: introduce precision handling for `OPTION_MAGNITUDE` Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 4/5] parse-options: introduce `OPTION_UNSIGNED` Patrick Steinhardt
2025-04-01 15:01 ` [PATCH 5/5] parse-options: detect mismatches in integer signedness Patrick Steinhardt
2025-04-15 12:14 ` [PATCH v2 0/5] parse-options: harden handling of integer values Patrick Steinhardt
2025-04-15 12:14 ` [PATCH v2 1/5] global: use designated initializers for options Patrick Steinhardt
2025-04-15 12:14 ` [PATCH v2 2/5] parse-options: introduce precision handling for `OPTION_INTEGER` Patrick Steinhardt
2025-04-15 15:51 ` Phillip Wood
2025-04-16 10:28 ` Patrick Steinhardt
2025-04-15 16:59 ` Junio C Hamano
2025-04-16 10:28 ` Patrick Steinhardt
2025-04-15 12:14 ` [PATCH v2 3/5] parse-options: introduce precision handling for `OPTION_MAGNITUDE` Patrick Steinhardt
2025-04-15 12:14 ` [PATCH v2 4/5] parse-options: introduce `OPTION_UNSIGNED` Patrick Steinhardt
2025-04-15 15:52 ` Phillip Wood
2025-04-16 10:27 ` Patrick Steinhardt
2025-04-16 13:31 ` phillip.wood123
2025-04-15 17:38 ` René Scharfe
2025-04-16 10:28 ` Patrick Steinhardt
2025-04-15 12:14 ` [PATCH v2 5/5] parse-options: detect mismatches in integer signedness Patrick Steinhardt
2025-04-15 17:02 ` Junio C Hamano
2025-04-16 10:02 ` [PATCH v3 0/7] parse-options: harden handling of integer values Patrick Steinhardt
2025-04-16 10:02 ` [PATCH v3 1/7] global: use designated initializers for options Patrick Steinhardt
2025-04-16 10:02 ` [PATCH v3 2/7] parse-options: check for overflow when parsing integers Patrick Steinhardt
2025-04-16 10:02 ` [PATCH v3 3/7] parse-options: introduce precision handling for `OPTION_INTEGER` Patrick Steinhardt
2025-04-16 17:29 ` Junio C Hamano
2025-04-16 10:02 ` [PATCH v3 4/7] parse-options: introduce precision handling for `OPTION_MAGNITUDE` Patrick Steinhardt
2025-04-16 10:02 ` [PATCH v3 5/7] parse-options: introduce `OPTION_UNSIGNED` Patrick Steinhardt
2025-04-16 18:50 ` Junio C Hamano
2025-04-17 8:15 ` Patrick Steinhardt
2025-04-16 10:02 ` [PATCH v3 6/7] parse-options: detect mismatches in integer signedness Patrick Steinhardt
2025-04-16 10:02 ` [PATCH v3 7/7] parse-options: introduce bounded integer options Patrick Steinhardt
2025-04-16 19:19 ` Junio C Hamano
2025-04-17 8:14 ` Patrick Steinhardt
2025-04-17 10:49 ` [PATCH v4 0/7] parse-options: harden handling of integer values Patrick Steinhardt
2025-04-17 10:49 ` [PATCH v4 1/7] parse: fix off-by-one for minimum signed values Patrick Steinhardt
2025-04-17 10:49 ` [PATCH v4 2/7] global: use designated initializers for options Patrick Steinhardt
2025-04-17 10:49 ` [PATCH v4 3/7] parse-options: support unit factors in `OPT_INTEGER()` Patrick Steinhardt
2025-04-17 10:49 ` [PATCH v4 4/7] parse-options: rename `OPT_MAGNITUDE()` to `OPT_UNSIGNED()` Patrick Steinhardt
2025-04-17 15:17 ` Junio C Hamano
2025-04-17 10:49 ` [PATCH v4 5/7] parse-options: introduce precision handling for `OPTION_INTEGER` Patrick Steinhardt
2025-04-17 10:49 ` [PATCH v4 6/7] parse-options: introduce precision handling for `OPTION_UNSIGNED` Patrick Steinhardt
2025-04-17 10:49 ` [PATCH v4 7/7] parse-options: detect mismatches in integer signedness Patrick Steinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f6c7c92b-931c-4be4-8d76-9d4ed147e983@web.de \
--to=l.s.r@web.de \
--cc=git@vger.kernel.org \
--cc=glaubitz@physik.fu-berlin.de \
--cc=peff@peff.net \
--cc=ps@pks.im \
--cc=stolee@gmail.com \
--cc=szeder.dev@gmail.com \
--cc=tmz@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).