apply.c: fix -p argument parsing

"git apply" has an option -p that takes an integer as its argument.
Unfortunately the function apply_option_parse_p() in charge of parsing
this argument uses atoi() to convert from string to integer, which
allows a non-digit after the number (e.g. "1q") to be silently ignored.
As a consequence, an argument that does not begin with a digit silently
becomes a zero. Despite this command working fine when a non-positive
argument is passed, it might be useful for the end user to know that
their input contains non-digits that might've been unintended.

Replace atoi() with strtol_i() to catch malformed inputs.

Signed-off-by: Mirko Faina <mroik@delayed.space>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/apply.c b/apply.c
index 3de4aa4d2eaac58a439e70a4db32d11cd078eac0..faf75b544977ad0d13b756b64a84f73abae36ffa 100644 (file)
--- a/apply.c
+++ b/apply.c
@@ -4961,7 +4961,8 @@ static int apply_option_parse_p(const struct option *opt,
 
        BUG_ON_OPT_NEG(unset);
 
-       state->p_value = atoi(arg);
+       if (strtol_i(arg, 10, &state->p_value) < 0 || state->p_value < 0)
+               die(_("option -p expects a non-negative integer, got '%s'"), arg);
        state->p_value_known = 1;
        return 0;
 }

diff --git a/t/t4120-apply-popt.sh b/t/t4120-apply-popt.sh
index 697e86c0ff456028948a769f2b6ccfa66bee2dc2..c960fdf622512f31d65be950ef3a78566d459ba3 100755 (executable)
--- a/t/t4120-apply-popt.sh
+++ b/t/t4120-apply-popt.sh
@@ -23,6 +23,47 @@ test_expect_success setup '
        rmdir süb
 '
 
+test_expect_success 'git apply -p 1 patch' '
+       cat >patch <<-\EOF &&
+       From 90ad11d5b2d437e82d4d992f72fb44c2227798b5 Mon Sep 17 00:00:00 2001
+       From: Mroik <mroik@delayed.space>
+       Date: Mon, 9 Mar 2026 23:25:00 +0100
+       Subject: [PATCH] Test
+
+       ---
+        t/test/test | 0
+        1 file changed, 0 insertions(+), 0 deletions(-)
+        create mode 100644 t/test/test
+
+       diff --git a/t/test/test b/t/test/test
+       new file mode 100644
+       index 0000000000..e69de29bb2
+       --
+       2.53.0.851.ga537e3e6e9
+       EOF
+       test_when_finished "rm -rf t" &&
+       git apply -p 1 patch &&
+       test_path_is_dir t
+'
+
+test_expect_success 'apply fails due to non-num -p' '
+       test_when_finished "rm -rf t test err" &&
+       test_must_fail git apply -p malformed patch 2>err &&
+       test_grep "option -p expects a non-negative integer" err
+'
+
+test_expect_success 'apply fails due to trailing non-digit in -p' '
+       test_when_finished "rm -rf t test err" &&
+       test_must_fail git apply -p 2q patch 2>err &&
+       test_grep "option -p expects a non-negative integer" err
+'
+
+test_expect_success 'apply fails due to negative number in -p' '
+       test_when_finished "rm -rf t test err patch" &&
+       test_must_fail git apply -p -1 patch 2> err &&
+       test_grep "option -p expects a non-negative integer" err
+'
+
 test_expect_success 'apply git diff with -p2' '
        cp file1.saved file1 &&
        git apply -p2 patch.file