Re: [PATCH] strtoul_ui: reject negative values

2015-09-17 Thread Marc Branchaud
On 15-09-17 11:34 AM, Matthieu Moy wrote: > Marc Branchaud writes: > >>> --- a/git-compat-util.h >>> +++ b/git-compat-util.h >>> @@ -814,6 +814,9 @@ static inline int strtoul_ui(char const *s, int base, >>> unsigned int *result) >>> char *p; >>> >>> errno = 0;

Re: [PATCH] strtoul_ui: reject negative values

2015-09-17 Thread Marc Branchaud
On 15-09-17 10:37 AM, Matthieu Moy wrote: > strtoul_ui uses strtoul to get a long unsigned, then checks that casting > to unsigned does not lose information and return the casted value. > > On 64 bits architecture, checking that the cast does not change the value > catches most errors, but when

Re: [PATCH] strtoul_ui: reject negative values

2015-09-17 Thread Matthieu Moy
Marc Branchaud writes: >> --- a/git-compat-util.h >> +++ b/git-compat-util.h >> @@ -814,6 +814,9 @@ static inline int strtoul_ui(char const *s, int base, >> unsigned int *result) >> char *p; >> >> errno = 0; >> +/* negative values would be accepted by

Re: [PATCH] strtoul_ui: reject negative values

2015-09-17 Thread Junio C Hamano
Matthieu Moy writes: > This patch catches negative values before it's too late, i.e. before > calling strtoul. We still silently accept very large integers that wrap > to a valid "unsigned int". Is the last statement correct? A very large long uint that wrap to uint would

[PATCH] strtoul_ui: reject negative values

2015-09-17 Thread Matthieu Moy
strtoul_ui uses strtoul to get a long unsigned, then checks that casting to unsigned does not lose information and return the casted value. On 64 bits architecture, checking that the cast does not change the value catches most errors, but when sizeof(int) == sizeof(long) (e.g. i386), the check