From: Phillip Wood <phillip.wood@dunelm.org.uk>
Date: Thu, 30 Jan 2025 11:08:30 +0000 (+0000)
Subject: apply: detect overflow when parsing hunk header
X-Git-Tag: v2.49.0-rc0~49^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a206058fdaab6274ae7b9bdca274011efba74e11;p=thirdparty%2Fgit.git

apply: detect overflow when parsing hunk header

"git apply" uses strtoul() to parse the numbers in the hunk header but
silently ignores overflows. As LONG_MAX is a legitimate return value for
strtoul() we need to set errno to zero before the call to strtoul() and
check that it is still zero afterwards. The error message we display is
not particularly helpful as it does not say what was wrong.  However, it
seems pretty unlikely that users are going to trigger this error in
practice and we can always improve it later if needed.

Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

diff --git a/apply.c b/apply.c
index 7608e3301c..e3b98b0731 100644
--- a/apply.c
+++ b/apply.c
@@ -1426,7 +1426,10 @@ static int parse_num(const char *line, unsigned long *p)
 
 	if (!isdigit(*line))
 		return 0;
+	errno = 0;
 	*p = strtoul(line, &ptr, 10);
+	if (errno)
+		return 0;
 	return ptr - line;
 }
 
diff --git a/t/t4100-apply-stat.sh b/t/t4100-apply-stat.sh
index d503547732..fcbd593634 100755
--- a/t/t4100-apply-stat.sh
+++ b/t/t4100-apply-stat.sh
@@ -39,4 +39,17 @@ incomplete (1)
 incomplete (2)
 EOF
 
+test_expect_success 'applying a hunk header which overflows fails' '
+	cat >patch <<-\EOF &&
+	diff -u a/file b/file
+	--- a/file
+	+++ b/file
+	@@ -98765432109876543210 +98765432109876543210 @@
+	-a
+	+b
+	EOF
+	test_must_fail git apply patch 2>err &&
+	echo "error: corrupt patch at line 4" >expect &&
+	test_cmp expect err
+'
 test_done