| commit | 14770cf0de218cc373e7d286b864f526e5ea2840 | |
| author | Phillip Wood <phillip.wood@dunelm.org.uk> | |
| Wed, 9 Nov 2022 14:16:28 +0000 (9 14:16 +0000) | ||
| committer | Taylor Blau <me@ttaylorr.com> | |
| Thu, 10 Nov 2022 02:30:39 +0000 (9 21:30 -0500) | ||
| tree | e76c46f210792810068a836dffc60421ff0d8c6f | treesnapshot (tar.gz zip) |
| parent | 7595c0ece1d45ca540f26cecf485285f5ce8186f | commitdiff |
git_parse_signed(): avoid integer overflow
git_parse_signed() checks that the absolute value of the parsed string
is less than or equal to a caller supplied maximum value. When
calculating the absolute value there is a integer overflow if `val ==
INTMAX_MIN`. To fix this avoid negating `val` when it is negative by
having separate overflow checks for positive and negative values.
An alternative would be to special case INTMAX_MIN before negating `val`
as it is always out of range. That would enable us to keep the existing
code but I'm not sure that the current two-stage check is any clearer
than the new version.
Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
git_parse_signed() checks that the absolute value of the parsed string
is less than or equal to a caller supplied maximum value. When
calculating the absolute value there is a integer overflow if `val ==
INTMAX_MIN`. To fix this avoid negating `val` when it is negative by
having separate overflow checks for positive and negative values.
An alternative would be to special case INTMAX_MIN before negating `val`
as it is always out of range. That would enable us to keep the existing
code but I'm not sure that the current two-stage check is any clearer
than the new version.
Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
| config.c | diffblobblamehistory |