Andrew's git / gitweb.git / diff
?
sscanf/strtoul: parse integers robustly
authorJim Meyering <jim@meyering.net>
Mon, 9 Apr 2007 23:01:44 +0000 (01:01 +0200)
committerJunio C Hamano <junkio@cox.net>
Sun, 15 Apr 2007 02:47:20 +0000 (19:47 -0700)
* builtin-grep.c (strtoul_ui): Move function definition from here, to...
* git-compat-util.h (strtoul_ui): ...here, with an added "base" parameter.
* builtin-grep.c (cmd_grep): Update use of strtoul_ui to include base, "10".
* builtin-update-index.c (read_index_info): Diagnose an invalid mode integer
that is out of range or merely larger than INT_MAX.
(cmd_update_index): Use strtoul_ui, not sscanf.
* convert-objects.c (write_subdirectory): Likewise.

Signed-off-by: Jim Meyering <jim@meyering.net>
Signed-off-by: Junio C Hamano <junkio@cox.net>
builtin-grep.c patch | blob | history
builtin-update-index.c patch | blob | history
convert-objects.c patch | blob | history
git-compat-util.h patch | blob | history
diff --git a/builtin-grep.c b/builtin-grep.c
index 981f3d4d8eb079f5985beaaf94014d5745c5aacc..e13cb31f2b9dd63d335437fb5b1c9b0b06fbf188 100644 (file)
--- a/builtin-grep.c
+++ b/builtin-grep.c
@@ -434,19 +434,6 @@ static const char emsg_missing_context_len[] =
 static const char emsg_missing_argument[] =
 "option requires an argument -%s";
 
-static int strtoul_ui(char const *s, unsigned int *result)
-{
-       unsigned long ul;
-       char *p;
-
-       errno = 0;
-       ul = strtoul(s, &p, 10);
-       if (errno || *p || p == s || (unsigned int) ul != ul)
-               return -1;
-       *result = ul;
-       return 0;
-}
-
 int cmd_grep(int argc, const char **argv, const char *prefix)
 {
        int hit = 0;
@@ -569,7 +556,7 @@ int cmd_grep(int argc, const char **argv, const char *prefix)
                                scan = arg + 1;
                                break;
                        }
-                       if (strtoul_ui(scan, &num))
+                       if (strtoul_ui(scan, 10, &num))
                                die(emsg_invalid_context_len, scan);
                        switch (arg[1]) {
                        case 'A':
diff --git a/builtin-update-index.c b/builtin-update-index.c
index 71cef633c0e36b3a33fa29eccb8579a9304b0777..6ed61ebc57e9591edfe00f2e57926df7b790856b 100644 (file)
--- a/builtin-update-index.c
+++ b/builtin-update-index.c
@@ -227,6 +227,7 @@ static void read_index_info(int line_termination)
                char *path_name;
                unsigned char sha1[20];
                unsigned int mode;
+               unsigned long ul;
                int stage;
 
                /* This reads lines formatted in one of three formats:
@@ -249,9 +250,12 @@ static void read_index_info(int line_termination)
                if (buf.eof)
                        break;
 
-               mode = strtoul(buf.buf, &ptr, 8);
-               if (ptr == buf.buf || *ptr != ' ')
+               errno = 0;
+               ul = strtoul(buf.buf, &ptr, 8);
+               if (ptr == buf.buf || *ptr != ' '
+                   || errno || (unsigned int) ul != ul)
                        goto bad_line;
+               mode = ul;
 
                tab = strchr(ptr, '\t');
                if (!tab || tab - ptr < 41)
@@ -547,7 +551,7 @@ int cmd_update_index(int argc, const char **argv, const char *prefix)
                                if (i+3 >= argc)
                                        die("git-update-index: --cacheinfo <mode> <sha1> <path>");
 
-                               if ((sscanf(argv[i+1], "%o", &mode) != 1) ||
+                               if ((strtoul_ui(argv[i+1], 8, &mode) != 1) ||
                                    get_sha1_hex(argv[i+2], sha1) ||
                                    add_cacheinfo(mode, sha1, argv[i+3], 0))
                                        die("git-update-index: --cacheinfo"
diff --git a/convert-objects.c b/convert-objects.c
index 4809f9199fa21dcd95ab508e26196080d49e8e88..cf03bcfe5aa4f95ec4b6384bc38d63b1e453f731 100644 (file)
--- a/convert-objects.c
+++ b/convert-objects.c
@@ -88,7 +88,7 @@ static int write_subdirectory(void *buffer, unsigned long size, const char *base
                unsigned int mode;
                char *slash, *origpath;
 
-               if (!path || sscanf(buffer, "%o", &mode) != 1)
+               if (!path || strtoul_ui(buffer, 8, &mode) != 1)
                        die("bad tree conversion");
                mode = convert_mode(mode);
                path++;
diff --git a/git-compat-util.h b/git-compat-util.h
index 139fc19108cab51eb23659868ef8600ff6b25795..5f6a281b78245bbb4e1e480d81cfb8c1b4cfa6ac 100644 (file)
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -301,4 +301,17 @@ static inline int prefixcmp(const char *str, const char *prefix)
        return strncmp(str, prefix, strlen(prefix));
 }
 
+static inline int strtoul_ui(char const *s, int base, unsigned int *result)
+{
+       unsigned long ul;
+       char *p;
+
+       errno = 0;
+       ul = strtoul(s, &p, base);
+       if (errno || *p || p == s || (unsigned int) ul != ul)
+               return -1;
+       *result = ul;
+       return 0;
+}
+
 #endif