diff options
| author | Jeff King <peff@peff.net> | 2014-02-24 07:39:45 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-02-24 18:12:58 (GMT) |
| commit | 7ca36d9398a85e7974d04f8fbd2c6adb088290e1 (patch) | |
| tree | e3ef065ab5fee09448ad78239edefb09c9ca927a /fsck.c | |
| parent | d4b8de0420ffcc7a654ddc6c69a96d3c1b25b4fa (diff) | |
| download | git-7ca36d9398a85e7974d04f8fbd2c6adb088290e1.zip git-7ca36d9398a85e7974d04f8fbd2c6adb088290e1.tar.gz git-7ca36d9398a85e7974d04f8fbd2c6adb088290e1.tar.bz2 | |
date: check date overflow against time_t
When we check whether a timestamp has overflowed, we check
only against ULONG_MAX, meaning that strtoul has overflowed.
However, we also feed these timestamps to system functions
like gmtime, which expect a time_t. On many systems, time_t
is actually smaller than "unsigned long" (e.g., because it
is signed), and we would overflow when using these
functions. We don't know the actual size or signedness of
time_t, but we can easily check for truncation with a simple
assignment.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'fsck.c')
| -rw-r--r-- | fsck.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -266,7 +266,7 @@ static int fsck_ident(char **ident, struct object *obj, fsck_error error_func) (*ident)++; if (**ident == '0' && (*ident)[1] != ' ') return error_func(obj, FSCK_ERROR, "invalid author/committer line - zero-padded date"); - if (strtoul(*ident, &end, 10) == ULONG_MAX) + if (date_overflows(strtoul(*ident, &end, 10))) return error_func(obj, FSCK_ERROR, "invalid author/committer line - date causes integer overflow"); if (end == *ident || *end != ' ') return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad date"); |