diff options
author | Jeff King <peff@peff.net> | 2013-09-08 04:33:08 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2013-09-09 11:04:29 -0700 |
commit | 42d194e95870a9eeea192789226b7d51b1c90c96 (patch) | |
tree | b6b9bd44b7a7973b0d30638b33685cd1bc4c5ba3 /compat/unsetenv.c | |
parent | config: factor out integer parsing from range checks (diff) | |
download | tgif-42d194e95870a9eeea192789226b7d51b1c90c96.tar.xz |
config: properly range-check integer values
When we look at a config value as an integer using the
git_config_int function, we carefully range-check the value
we get and complain if it is out of our range. But the range
we compare to is that of a "long", which we then cast to an
"int" in the function's return value. This means that on
systems where "int" and "long" have different sizes (e.g.,
LP64 systems), we may pass the range check, but then return
nonsense by truncating the value as we cast it to an int.
We can solve this by converting git_parse_long into
git_parse_int, and range-checking the "int" range. Nobody
actually cared that we used a "long" internally, since the
result was truncated anyway. And the only other caller of
git_parse_long is git_config_maybe_bool, which should be
fine to just use int (though we will now forbid out-of-range
nonsense like setting "merge.ff" to "10g" to mean "true",
which is probably a good thing).
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'compat/unsetenv.c')
0 files changed, 0 insertions, 0 deletions