apply: detect overflow when parsing hunk header

phillipwood · gitster · commit a206058fdaab · 2025-01-30T14:18:12.000-08:00
"git apply" uses strtoul() to parse the numbers in the hunk header but
silently ignores overflows. As LONG_MAX is a legitimate return value for
strtoul() we need to set errno to zero before the call to strtoul() and
check that it is still zero afterwards. The error message we display is
not particularly helpful as it does not say what was wrong.  However, it
seems pretty unlikely that users are going to trigger this error in
practice and we can always improve it later if needed.

Signed-off-by: Phillip Wood &lt;phillip.wood@dunelm.org.uk&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/apply.c b/apply.c
@@ -1426,7 +1426,10 @@ static int parse_num(const char *line, unsigned long *p)
 
 	if (!isdigit(*line))
 		return 0;
+	errno = 0;
 	*p = strtoul(line, &ptr, 10);
+	if (errno)
+		return 0;
 	return ptr - line;
 }
 
diff --git a/t/t4100-apply-stat.sh b/t/t4100-apply-stat.sh
@@ -39,4 +39,17 @@ incomplete (1)
 incomplete (2)
 EOF
 
+test_expect_success 'applying a hunk header which overflows fails' '
+	cat >patch <<-\EOF &&
+	diff -u a/file b/file
+	--- a/file
+	+++ b/file
+	@@ -98765432109876543210 +98765432109876543210 @@
+	-a
+	+b
+	EOF
+	test_must_fail git apply patch 2>err &&
+	echo "error: corrupt patch at line 4" >expect &&
+	test_cmp expect err
+'
 test_done

Original file line number	Diff line number	Diff line change
`@@ -1426,7 +1426,10 @@ static int parse_num(const char line, unsigned long p)`
`1426`	`1426`
`1427`	`1427`	`if (!isdigit(*line))`
`1428`	`1428`	`return 0;`
	`1429`	`+ errno = 0;`
`1429`	`1430`	`*p = strtoul(line, &ptr, 10);`
	`1431`	`+ if (errno)`
	`1432`	`+ return 0;`
`1430`	`1433`	`return ptr - line;`
`1431`	`1434`	`}`
`1432`	`1435`