diff options
| author | René Scharfe <l.s.r@web.de> | 2019-06-22 10:03:30 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2019-06-24 19:34:17 (GMT) |
| commit | 3fb72c7b4d90fb7f95ca60f448c7739cca6c1846 (patch) | |
| tree | 1119db7f844b01e7fca60876a7ad97a61a89e7b3 /config.c | |
| parent | 9dae4fe79f85dd0eaf41215bea76c68b65398fbc (diff) | |
| download | git-3fb72c7b4d90fb7f95ca60f448c7739cca6c1846.zip git-3fb72c7b4d90fb7f95ca60f448c7739cca6c1846.tar.gz git-3fb72c7b4d90fb7f95ca60f448c7739cca6c1846.tar.bz2 | |
config: use unsigned_mult_overflows to check for overflows
parse_unit_factor() checks if a K, M or G is present after a number and
multiplies it by 2^10, 2^20 or 2^30, respectively. One of its callers
checks if the result is smaller than the number alone to detect
overflows. The other one passes 1 as the number and does multiplication
and overflow check itself in a similar manner.
This works, but is inconsistent, and it would break if we added support
for a bigger unit factor. E.g. 16777217T is 2^64 + 2^40, i.e. too big
for a 64-bit number. Modulo 2^64 we get 2^40 == 1TB, which is bigger
than the raw number 16777217 == 2^24 + 1, so the overflow would go
undetected by that method.
Let both callers pass 1 and handle overflow check and multiplication
themselves. Do the check before the multiplication, using
unsigned_mult_overflows, which is simpler and can deal with larger unit
factors.
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'config.c')
| -rw-r--r-- | config.c | 13 |
1 files changed, 7 insertions, 6 deletions
@@ -870,8 +870,8 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max) return 0; } uval = val < 0 ? -val : val; - uval *= factor; - if (uval > max || (val < 0 ? -val : val) > uval) { + if (unsigned_mult_overflows(factor, uval) || + factor * uval > max) { errno = ERANGE; return 0; } @@ -888,21 +888,22 @@ static int git_parse_unsigned(const char *value, uintmax_t *ret, uintmax_t max) if (value && *value) { char *end; uintmax_t val; - uintmax_t oldval; + uintmax_t factor = 1; errno = 0; val = strtoumax(value, &end, 0); if (errno == ERANGE) return 0; - oldval = val; - if (!parse_unit_factor(end, &val)) { + if (!parse_unit_factor(end, &factor)) { errno = EINVAL; return 0; } - if (val > max || oldval > val) { + if (unsigned_mult_overflows(factor, val) || + factor * val > max) { errno = ERANGE; return 0; } + val *= factor; *ret = val; return 1; } |