From: Paul Eggert Date: Fri, 2 Aug 2024 16:07:06 +0000 (-0700) Subject: Make stripped_prefix_len signed X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=61656ef35bc0879e7172cab976fdbbc231d7a3b5;p=thirdparty%2Ftar.git Make stripped_prefix_len signed This is part of the general guideline that signed integer types are safer. * src/names.c (stripped_prefix_len): Return ptrdiff_t, not size_t. All callers changed. --- diff --git a/src/common.h b/src/common.h index c2c22fc3..085e7d96 100644 --- a/src/common.h +++ b/src/common.h @@ -810,7 +810,7 @@ struct name *name_scan (const char *name, bool exact); struct name const *name_from_list (void); void blank_name_list (void); char *make_file_name (const char *dir_name, const char *name); -size_t stripped_prefix_len (char const *file_name, size_t num); +ptrdiff_t stripped_prefix_len (char const *file_name, size_t num); bool all_names_found (struct tar_stat_info *st); void add_avoided_name (char const *name); diff --git a/src/list.c b/src/list.c index c9717eb4..339a650b 100644 --- a/src/list.c +++ b/src/list.c @@ -100,9 +100,9 @@ decode_xform (char *file_name, void *data) if (strip_name_components) { - size_t prefix_len = stripped_prefix_len (file_name, - strip_name_components); - if (prefix_len == (size_t) -1) + ptrdiff_t prefix_len = stripped_prefix_len (file_name, + strip_name_components); + if (prefix_len < 0) prefix_len = strlen (file_name); file_name += prefix_len; } diff --git a/src/names.c b/src/names.c index 03d1a12e..792b9d38 100644 --- a/src/names.c +++ b/src/names.c @@ -1964,9 +1964,10 @@ make_file_name (const char *directory_name, const char *name) /* Return the size of the prefix of FILE_NAME that is removed after stripping NUM leading file name components. NUM must be - positive. */ + positive. Return a negative number if FILE_NAME does not have + enough components. */ -size_t +ptrdiff_t stripped_prefix_len (char const *file_name, size_t num) { char const *p = file_name + FILE_SYSTEM_PREFIX_LEN (file_name);