apply: detect overflow when parsing hunk header

"git apply" uses strtoul() to parse the numbers in the hunk header but silently ignores overflows. As LONG_MAX is a legitimate return value for strtoul() we need to set errno to zero before the call to strtoul() and check that it is still zero afterwards. The error message we display is not particularly helpful as it does not say what was wrong. However, it seems pretty unlikely that users are going to trigger this error in practice and we can always improve it later if needed. Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2025-01-30 11:08:30 +00:00
parent 2f323bb162
commit a206058fda
2 changed files with 16 additions and 0 deletions
--- a/apply.c
+++ b/apply.c
@@ -1426,7 +1426,10 @@ static int parse_num(const char *line, unsigned long *p)

 	if (!isdigit(*line))
 		return 0;
+	errno = 0;
 	*p = strtoul(line, &ptr, 10);
+	if (errno)
+		return 0;
 	return ptr - line;
 }

--- a/t/t4100-apply-stat.sh
+++ b/t/t4100-apply-stat.sh
@@ -39,4 +39,17 @@ incomplete (1)
 incomplete (2)
 EOF

+test_expect_success 'applying a hunk header which overflows fails' '
+	cat >patch <<-\EOF &&
+	diff -u a/file b/file
+	--- a/file
+	+++ b/file
+	@@ -98765432109876543210 +98765432109876543210 @@
+	-a
+	+b
+	EOF
+	test_must_fail git apply patch 2>err &&
+	echo "error: corrupt patch at line 4" >expect &&
+	test_cmp expect err
+'
 test_done