range-diff: fix integer overflow in get_correspondences()

[pcasaretto]

Summary

This PR fixes a segmentation fault in git range-diff caused by integer overflow when processing large patch sets.

Problem

The get_correspondences() function uses int to store the sum of two size_t values from string_list structures. When processing large patch sets where a->nr + b->nr exceeds INT_MAX (2,147,483,647), the value wraps to negative, causing invalid array indexing and a segmentation fault.

The crash manifests at line 356 in range-diff.c when accessing cost[i + n * j] with a negative or incorrectly calculated index.

Solution

This patch fixes the issue by:

• Using size_t throughout for array sizes and indices in get_correspondences()
• Updating the compute_assignment() function signature to accept size_t parameters
• Maintaining int only for sentinel values (-1) where necessary
• Adjusting the countdown loop pattern to work correctly with unsigned types

Known Limitations

While this fix prevents the integer overflow and segmentation fault, attempting to process extremely large patch sets will still hit memory limitations. The process will consume excessive memory and likely be terminated by the system (SIGKILL) before completing. However, this fix is still valuable as it allows range-diff to fail gracefully due to resource constraints rather than undefined behavior.

Testing

The fix has been:

• Compiled successfully with no warnings
• Tested with the git test suite (t3206-range-diff.sh passes)
• Verified to prevent the segmentation fault in the original failing case
• Checked with git diff --check (no whitespace errors)

Files Changed

• range-diff.c: Changed variable types from int to size_t for n, i, and j
• linear-assignment.h: Updated function signature to use size_t parameters
• linear-assignment.c: Updated implementation to use size_t for loop indices, adjusted countdown loop pattern

cc @gitgitgadget

[gitgitgadget]

Welcome to GitGitGadget

Hi @pcasaretto, and welcome to GitGitGadget, the GitHub App to send patch series to the Git mailing list from GitHub Pull Requests.

Please make sure that either:

• Your Pull Request has a good description, if it consists of multiple commits, as it will be used as cover letter.
• Your Pull Request description is empty, if it consists of a single commit, as the commit message should be descriptive enough by itself.

You can CC potential reviewers by adding a footer to the PR description with the following syntax:

CC: Revi Ewer <[email protected]>, Ill Takalook <[email protected]>

NOTE: DO NOT copy/paste your CC list from a previous GGG PR's description,
because it will result in a malformed CC list on the mailing list. See
example.

Also, it is a good idea to review the commit messages one last time, as the Git project expects them in a quite specific form:

• the lines should not exceed 76 columns,
• the first line should be like a header and typically start with a prefix like "tests:" or "revisions:" to state which subsystem the change is about, and
• the commit messages' body should be describing the "why?" of the change.
• Finally, the commit messages should end in a Signed-off-by: line matching the commits' author.

It is in general a good idea to await the automated test ("Checks") in this Pull Request before contributing the patches, e.g. to avoid trivial issues such as unportable code.

Contributing the patches

Before you can contribute the patches, your GitHub username needs to be added to the list of permitted users. Any already-permitted user can do that, by adding a comment to your PR of the form /allow. A good way to find other contributors is to locate recent pull requests where someone has been /allowed:

• Search: is:pr is:open "/allow"

Both the person who commented /allow and the PR author are able to /allow you.

An alternative is the channel #git-devel on the Libera Chat IRC network:

<newcontributor> I've just created my first PR, could someone please /allow me? https://github.com/gitgitgadget/git/pull/12345
<veteran> newcontributor: it is done
<newcontributor> thanks!

Once on the list of permitted usernames, you can contribute the patches to the Git mailing list by adding a PR comment /submit.

If you want to see what email(s) would be sent for a /submit request, add a PR comment /preview to have the email(s) sent to you. You must have a public GitHub email address for this. Note that any reviewers CC'd via the list in the PR description will not actually be sent emails.

After you submit, GitGitGadget will respond with another comment that contains the link to the cover letter mail in the Git mailing list archive. Please make sure to monitor the discussion in that thread and to address comments and suggestions (while the comments and suggestions will be mirrored into the PR by GitGitGadget, you will still want to reply via mail).

If you do not want to subscribe to the Git mailing list just to be able to respond to a mail, you can download the mbox from the Git mailing list archive (click the (raw) link), then import it into your mail program. If you use GMail, you can do this via:

curl -g --user "<EMailAddress>:<Password>" \
    --url "imaps://imap.gmail.com/INBOX" -T /path/to/raw.txt

To iterate on your change, i.e. send a revised patch or patch series, you will first want to (force-)push to the same branch. You probably also want to modify your Pull Request description (or title). It is a good idea to summarize the revision by adding something like this to the cover letter (read: by editing the first comment on the PR, i.e. the PR description):

Changes since v1:
- Fixed a typo in the commit message (found by ...)
- Added a code comment to ... as suggested by ...
...

To send a new iteration, just add another PR comment with the contents: /submit.

Need help?

New contributors who want advice are encouraged to join [email protected], where volunteers who regularly contribute to Git are willing to answer newbie questions, give advice, or otherwise provide mentoring to interested contributors. You must join in order to post or view messages, but anyone can join.

You may also be able to find help in real time in the developer IRC channel, #git-devel on Libera Chat. Remember that IRC does not support offline messaging, so if you send someone a private message and log out, they cannot respond to you. The scrollback of #git-devel is archived, though.

[olga-mcbfe]

/allow

[gitgitgadget]

User pcasaretto is now allowed to use GitGitGadget.

WARNING: pcasaretto has no public email address set on GitHub; GitGitGadget needs an email address to Cc: you on your contribution, so that you receive any feedback on the Git mailing list. Go to https://github.com/settings/profile to make your preferred email public to let GitGitGadget know which email address to use.

[gitgitgadget]

User pcasaretto already allowed to use GitGitGadget.

[pcasaretto]

Reworking this.