Skip to content

Commit

Permalink
strtoul_ui: reject negative values
Browse files Browse the repository at this point in the history 
strtoul_ui uses strtoul to get a long unsigned, then checks that casting
to unsigned does not lose information and return the casted value.

On 64 bits architecture, checking that the cast does not change the value
catches most errors, but when sizeof(int) == sizeof(long) (e.g. i386),
the check does nothing. Unfortunately, strtoul silently accepts negative
values, and as a result strtoul_ui("-1", ...) raised no error.

This patch catches negative values before it's too late, i.e. before
calling strtoul.

Reported-by: Max Kirillov <max@max630.net>
Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information
Matthieu Moy authored and Junio C Hamano committed Sep 17, 2015
1 parent 7b8419f commit e6f2599
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions git-compat-util.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -812,6 +812,9 @@ static inline int strtoul_ui(char const *s, int base, unsigned int *result)
char *p;

errno = 0;
/* negative values would be accepted by strtoul */
if (strchr(s, '-'))
return -1;
ul = strtoul(s, &p, base);
if (errno || *p || p == s || (unsigned int) ul != ul)
return -1;
Expand Down

0 comments on commit e6f2599

Please sign in to comment.