sha1-name: check for overflow of N in "foo^N" and "foo~N"

Reject values that don't fit into an int, as get_parent() and
get_nth_ancestor() cannot handle them.  That's better than potentially
returning a random object.

If this restriction turns out to be too tight then we can switch to a
wider data type, but we'd still have to check for overflow.

Signed-off-by: René Scharfe <[email protected]>
Signed-off-by: Junio C Hamano <[email protected]>

Author: rscharfe

sha1-name.c

@@ -1163,13 +1163,22 @@ static enum get_oid_result get_oid_1(struct repository *r,
 	}
 
 	if (has_suffix) {
-		int num = 0;
+		unsigned int num = 0;
 		int len1 = cp - name;
 		cp++;
-		while (cp < name + len)
-			num = num * 10 + *cp++ - '0';
+		while (cp < name + len) {
+			unsigned int digit = *cp++ - '0';
+			if (unsigned_mult_overflows(num, 10))
+				return MISSING_OBJECT;
+			num *= 10;
+			if (unsigned_add_overflows(num, digit))
+				return MISSING_OBJECT;
+			num += digit;
+		}
 		if (!num && len1 == len - 1)
 			num = 1;
+		else if (num > INT_MAX)
+			return MISSING_OBJECT;
 		if (has_suffix == '^')
 			return get_parent(r, name, len1, oid, num);
 		/* else if (has_suffix == '~') -- goes without saying */

t/t1506-rev-parse-diagnosis.sh

@@ -215,11 +215,11 @@ test_expect_success 'arg before dashdash must be a revision (ambiguous)' '
 	test_cmp expect actual
 '
 
-test_expect_failure 'reject Nth parent if N is too high' '
+test_expect_success 'reject Nth parent if N is too high' '
 	test_must_fail git rev-parse HEAD^100000000000000000000000000000000
 '
 
-test_expect_failure 'reject Nth ancestor if N is too high' '
+test_expect_success 'reject Nth ancestor if N is too high' '
 	test_must_fail git rev-parse HEAD~100000000000000000000000000000000
 '