config: properly range-check integer values

peff · gitster · commit 42d194e95870 · 2013-09-09T11:04:29.000-07:00
When we look at a config value as an integer using the
git_config_int function, we carefully range-check the value
we get and complain if it is out of our range. But the range
we compare to is that of a "long", which we then cast to an
"int" in the function's return value. This means that on
systems where "int" and "long" have different sizes (e.g.,
LP64 systems), we may pass the range check, but then return
nonsense by truncating the value as we cast it to an int.

We can solve this by converting git_parse_long into
git_parse_int, and range-checking the "int" range. Nobody
actually cared that we used a "long" internally, since the
result was truncated anyway. And the only other caller of
git_parse_long is git_config_maybe_bool, which should be
fine to just use int (though we will now forbid out-of-range
nonsense like setting "merge.ff" to "10g" to mean "true",
which is probably a good thing).

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/config.c b/config.c
@@ -515,10 +515,10 @@ int git_parse_unsigned(const char *value, uintmax_t *ret, uintmax_t max)
 	return 0;
 }
 
-static int git_parse_long(const char *value, long *ret)
+static int git_parse_int(const char *value, int *ret)
 {
 	intmax_t tmp;
-	if (!git_parse_signed(value, &tmp, maximum_signed_value_of_type(long)))
+	if (!git_parse_signed(value, &tmp, maximum_signed_value_of_type(int)))
 		return 0;
 	*ret = tmp;
 	return 1;
@@ -542,8 +542,8 @@ static void die_bad_config(const char *name)
 
 int git_config_int(const char *name, const char *value)
 {
-	long ret = 0;
-	if (!git_parse_long(value, &ret))
+	int ret;
+	if (!git_parse_int(value, &ret))
 		die_bad_config(name);
 	return ret;
 }
@@ -575,10 +575,10 @@ static int git_config_maybe_bool_text(const char *name, const char *value)
 
 int git_config_maybe_bool(const char *name, const char *value)
 {
-	long v = git_config_maybe_bool_text(name, value);
+	int v = git_config_maybe_bool_text(name, value);
 	if (0 <= v)
 		return v;
-	if (git_parse_long(value, &v))
+	if (git_parse_int(value, &v))
 		return !!v;
 	return -1;
 }

Original file line number	Diff line number	Diff line change
`@@ -515,10 +515,10 @@ int git_parse_unsigned(const char value, uintmax_t ret, uintmax_t max)`
`515`	`515`	`return 0;`
`516`	`516`	`}`
`517`	`517`
`518`		`-static int git_parse_long(const char value, long ret)`
	`518`	`+static int git_parse_int(const char value, int ret)`
`519`	`519`	`{`
`520`	`520`	`intmax_t tmp;`
`521`		`- if (!git_parse_signed(value, &tmp, maximum_signed_value_of_type(long)))`
	`521`	`+ if (!git_parse_signed(value, &tmp, maximum_signed_value_of_type(int)))`
`522`	`522`	`return 0;`
`523`	`523`	`*ret = tmp;`
`524`	`524`	`return 1;`
`@@ -542,8 +542,8 @@ static void die_bad_config(const char *name)`
`542`	`542`
`543`	`543`	`int git_config_int(const char name, const char value)`
`544`	`544`	`{`
`545`		`- long ret = 0;`
`546`		`- if (!git_parse_long(value, &ret))`
	`545`	`+ int ret;`
	`546`	`+ if (!git_parse_int(value, &ret))`
`547`	`547`	`die_bad_config(name);`
`548`	`548`	`return ret;`
`549`	`549`	`}`
`@@ -575,10 +575,10 @@ static int git_config_maybe_bool_text(const char name, const char value)`
`575`	`575`
`576`	`576`	`int git_config_maybe_bool(const char name, const char value)`
`577`	`577`	`{`
`578`		`- long v = git_config_maybe_bool_text(name, value);`
	`578`	`+ int v = git_config_maybe_bool_text(name, value);`
`579`	`579`	`if (0 <= v)`
`580`	`580`	`return v;`
`581`		`- if (git_parse_long(value, &v))`
	`581`	`+ if (git_parse_int(value, &v))`
`582`	`582`	`return !!v;`
`583`	`583`	`return -1;`
`584`	`584`	`}`