parse: fix off-by-one for minimum signed values

We accept a maximum value in `git_parse_signed()` that restricts the
range of accepted integers. As the intent is to pass `INT*_MAX` values
here, this maximum doesn't only act as the upper bound, but also as the
implicit lower bound of the accepted range.

This lower bound is calculated by negating the maximum. But given that
the maximum value of a signed integer with N bits is `2^(N-1)-1` whereas
the minimum value is `-2^(N-1)` we have an off-by-one error in the lower
bound.

Fix this off-by-one error by using `-max - 1` as lower bound instead.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/parse.c b/parse.c
index 7a60a4f816c3e4f7d473403d6229f6747b3307bb..3c47448ca675fbf3d67cb6969c40f602bd99d35d 100644 (file)
--- a/parse.c
+++ b/parse.c
@@ -38,7 +38,7 @@ int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
                        errno = EINVAL;
                        return 0;
                }
-               if ((val < 0 && -max / factor > val) ||
+               if ((val < 0 && (-max - 1) / factor > val) ||
                    (val > 0 && max / factor < val)) {
                        errno = ERANGE;
                        return 0;