git@vger.kernel.org mailing list mirror (one of many)
* [PATCH] config.c: fix potential number truncation in git_parse_signed()
@ 2016-07-02 13:13 Nguyễn Thái Ngọc Duy
  2016-07-06 19:33 ` Junio C Hamano
  0 siblings, 1 reply; 3+ messages in thread
From: Nguyễn Thái Ngọc Duy @ 2016-07-02 13:13 UTC (permalink / raw)
  To: git; +Cc: Nguyễn Thái Ngọc Duy

clang -Wabsolute-value on IA-32 architecture complains that "absolute
value function 'labs' given an argument of type 'intmax_t' (aka 'long
long') but has parameter of type 'long' which may cause truncation of
value". Very unlikely for this code though. Nevertheless, add an
explicit check for truncation to shut clang up and error out.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
 config.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/config.c b/config.c
index d7ce34b..880bd4a 100644
--- a/config.c
+++ b/config.c
@@ -503,6 +503,7 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
 		intmax_t val;
 		uintmax_t uval;
 		uintmax_t factor = 1;
+		long int lival;
 
 		errno = 0;
 		val = strtoimax(value, &end, 0);
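
Review bot: the new `long int lival` declaration exists only so the next
hunk can hand labs() a long, and nothing here says so. Since `val` is
already an intmax_t filled by strtoimax(), taking the absolute value at
that width (imaxabs() from <inttypes.h>) would make the temporary
unnecessary; if it stays, a one-line comment that it holds the
range-checked copy of `val` would help the next reader.
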
@@ -512,9 +513,14 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
 			errno = EINVAL;
 			return 0;
 		}
-		uval = labs(val);
+		lival = (long int)val;
+		if (lival != val) {
+			errno = ERANGE;
+			return 0;
+		}
+		uval = labs(lival);
 		uval *= factor;
-		if (uval > max || labs(val) > uval) {
+		if (uval > max || labs(lival) > uval) {
 			errno = ERANGE;
 			return 0;
 		}
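
Review bot: `uval = labs(lival)` is still undefined when the parsed value
is the most negative long. Where long is as wide as intmax_t the
`lival != val` test never fires, so a `val` of INTMAX_MIN returned by
strtoimax() reaches labs() even though its magnitude does not fit in a
long. Taking the magnitude in unsigned arithmetic avoids both the cast
and that case: `uval = val < 0 ? -(uintmax_t)val : (uintmax_t)val;`, with
a saved copy of that magnitude used in the later `> uval` comparison.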
-- 
2.8.2.532.g6dfa503.dirty



* Re: [PATCH] config.c: fix potential number truncation in git_parse_signed()
  2016-07-02 13:13 [PATCH] config.c: fix potential number truncation in git_parse_signed() Nguyễn Thái Ngọc Duy
@ 2016-07-06 19:33 ` Junio C Hamano
  2016-07-08 16:01   ` Duy Nguyen
  0 siblings, 1 reply; 3+ messages in thread
From: Junio C Hamano @ 2016-07-06 19:33 UTC (permalink / raw)
  To: Nguyễn Thái Ngọc Duy; +Cc: git

Nguyễn Thái Ngọc Duy  <pclouds@gmail.com> writes:

> clang -Wabsolute-value on IA-32 architecture complains that "absolute
> value function 'labs' given an argument of type 'intmax_t' (aka 'long
> long') but has parameter of type 'long' which may cause truncation of
> value". Very unlikely for this code though. Nevertheless, add an
> explicit check for truncation to shut clang up and error out.

Thanks.  It however makes me wonder if it is a better approach to
avoid downcasting intmax_t to long by using imaxabs()?

>
> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
> ---
>  config.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/config.c b/config.c
> index d7ce34b..880bd4a 100644
> --- a/config.c
> +++ b/config.c
> @@ -503,6 +503,7 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
>  		intmax_t val;
>  		uintmax_t uval;
>  		uintmax_t factor = 1;
> +		long int lival;
>  
>  		errno = 0;
>  		val = strtoimax(value, &end, 0);
> @@ -512,9 +513,14 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
>  			errno = EINVAL;
>  			return 0;
>  		}
> -		uval = labs(val);
> +		lival = (long int)val;
> +		if (lival != val) {
> +			errno = ERANGE;
> +			return 0;
> +		}
> +		uval = labs(lival);
>  		uval *= factor;
> -		if (uval > max || labs(val) > uval) {
> +		if (uval > max || labs(lival) > uval) {
>  			errno = ERANGE;
>  			return 0;
>  		}
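
Review bot: the `lival != val` test returns ERANGE before `max` is looked
at, so on a target where long is narrower than intmax_t (the IA-32 case
in the commit message) every value outside long's range is now rejected,
even when the caller passed a larger `max`. The `(long int)val` conversion
of an out-of-range value is also implementation-defined. Keeping the
computation at intmax_t width would silence the warning without narrowing
what the function accepts.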


* Re: [PATCH] config.c: fix potential number truncation in git_parse_signed()
  2016-07-06 19:33 ` Junio C Hamano
@ 2016-07-08 16:01   ` Duy Nguyen
  0 siblings, 0 replies; 3+ messages in thread
From: Duy Nguyen @ 2016-07-08 16:01 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: Git Mailing List

On Wed, Jul 6, 2016 at 9:33 PM, Junio C Hamano <gitster@pobox.com> wrote:
> Nguyễn Thái Ngọc Duy  <pclouds@gmail.com> writes:
>
>> clang -Wabsolute-value on IA-32 architecture complains that "absolute
>> value function 'labs' given an argument of type 'intmax_t' (aka 'long
>> long') but has parameter of type 'long' which may cause truncation of
>> value". Very unlikely for this code though. Nevertheless, add an
>> explicit check for truncation to shut clang up and error out.
>
> Thanks.  It however makes me wonder if it is a better approach to
> avoid downcasting intmax_t to long by using imaxabs()?

I think the tricky part is detecting overflow. With uval being a
potentially signed number, I'm not sure how to catch it. The (uval >
max || labs(val) > uval) was written with an unsigned number in mind, I
think.

>
>>
>> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
>> ---
>>  config.c | 10 ++++++++--
>>  1 file changed, 8 insertions(+), 2 deletions(-)
>>
>> diff --git a/config.c b/config.c
>> index d7ce34b..880bd4a 100644
>> --- a/config.c
>> +++ b/config.c
>> @@ -503,6 +503,7 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
>>               intmax_t val;
>>               uintmax_t uval;
>>               uintmax_t factor = 1;
>> +             long int lival;
>>
>>               errno = 0;
>>               val = strtoimax(value, &end, 0);
>> @@ -512,9 +513,14 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
>>                       errno = EINVAL;
>>                       return 0;
>>               }
>> -             uval = labs(val);
>> +             lival = (long int)val;
>> +             if (lival != val) {
>> +                     errno = ERANGE;
>> +                     return 0;
>> +             }
>> +             uval = labs(lival);
>>               uval *= factor;
>> -             if (uval > max || labs(val) > uval) {
>> +             if (uval > max || labs(lival) > uval) {
>>                       errno = ERANGE;
>>                       return 0;
>>               }
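
Review bot: in `uval > max || labs(lival) > uval`, the second test runs
after `uval *= factor` has already wrapped, and a wrapped unsigned
product is not always smaller than the operand, so it can miss an
overflow and leave only `uval > max` to catch it. Checking before the
multiply is exact: reject when `factor != 0 && uval > UINTMAX_MAX / factor`,
then multiply and compare against `max`.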



-- 
Duy
