strtoul_ui: reject negative values

strtoul_ui uses strtoul to get a long unsigned, then checks that casting to unsigned does not lose information and return the casted value. On 64 bits architecture, checking that the cast does not change the value catches most errors, but when sizeof(int) == sizeof(long) (e.g. i386), the check does nothing. Unfortunately, strtoul silently accepts negative values, and as a result strtoul_ui("-1", ...) raised no error. This patch catches negative values before it's too late, i.e. before calling strtoul. Reported-by: Max Kirillov <max@max630.net> Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Matthieu Moy <Matthieu.Moy@imag.fr> 2015-09-17 18:28:33 +0200
committer: Junio C Hamano <gitster@pobox.com> 2015-09-17 10:02:27 -0700
commit: e6f2599cbade92bcbb831d8e4845ab6f6211176c (patch)
tree: ae8ef23e75587450900db16a391e5581427c26c9
parent: 7b8419f0940dcb9c017fc66390dc6a6471ce5373 (diff)
download: git-e6f2599cbade92bcbb831d8e4845ab6f6211176c.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/git-compat-util.h b/git-compat-util.h
index c6d391f864..4515c494ee 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -812,6 +812,9 @@ static inline int strtoul_ui(char const *s, int base, unsigned int *result)
 	char *p;
 
 	errno = 0;
+	/* negative values would be accepted by strtoul */
+	if (strchr(s, '-'))
+		return -1;
 	ul = strtoul(s, &p, base);
 	if (errno || *p || p == s || (unsigned int) ul != ul)
 		return -1;
author	Matthieu Moy <Matthieu.Moy@imag.fr>	2015-09-17 18:28:33 +0200
committer	Junio C Hamano <gitster@pobox.com>	2015-09-17 10:02:27 -0700
commit	e6f2599cbade92bcbb831d8e4845ab6f6211176c (patch)
tree	ae8ef23e75587450900db16a391e5581427c26c9
parent	7b8419f0940dcb9c017fc66390dc6a6471ce5373 (diff)
download	git-e6f2599cbade92bcbb831d8e4845ab6f6211176c.tar.gz