patch_parse: detect overflow when calculating old/new line position

When the patch contains lines close to INT_MAX, then it may happen that
we end up with an integer overflow when calculating the line of the
current diff hunk. Reject such patches as unreasonable to avoid the
integer overflow.

As the calculation is performed on integers, we introduce two new
helpers `git__add_int_overflow` and `git__sub_int_overflow` that perform
the integer overflow check in a generic way.

2 files changed, 15 insertions, 0 deletions

diff --git a/tests/patch/parse.c b/tests/patch/parse.c
index 77a6dd60d..9067f4a9d 100644
--- a/tests/patch/parse.c
+++ b/tests/patch/parse.c
@@ -174,3 +174,10 @@ void test_patch_parse__truncated_no_newline_at_end_of_file(void)
 
 	git_patch_free(patch);
 }
+
+void test_patch_parse__line_number_overflow(void)
+{
+	git_patch *patch;
+	cl_git_fail(git_patch_from_buffer(&patch, PATCH_INTMAX_NEW_LINES, strlen(PATCH_INTMAX_NEW_LINES), NULL));
+	git_patch_free(patch);
+}
diff --git a/tests/patch/patch_common.h b/tests/patch/patch_common.h
index 4c053cbbf..153bab57f 100644
--- a/tests/patch/patch_common.h
+++ b/tests/patch/patch_common.h
@@ -918,3 +918,11 @@
 	"+++ \n" \
 	"index 0000..7DDb\n" \
 	"--- \n"
+
+#define PATCH_INTMAX_NEW_LINES \
+	"diff --git a/file b/file\n" \
+	"--- a/file\n" \
+	"+++ b/file\n" \
+	"@@ -0 +2147483647 @@\n" \
+	"\n" \
+	"  "