Commit 0f1e2d2066115e62fd7396e0f436b4a5dd8384cd
2016-02-23T11:23:26
index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.
diff --git a/include/git2/sys/index.h b/include/git2/sys/index.h
index 29a99f7..2e2b87e 100644
--- a/include/git2/sys/index.h
+++ b/include/git2/sys/index.h
@@ -25,7 +25,7 @@ typedef struct git_index_name_entry {
/** Representation of a resolve undo entry in the index. */
typedef struct git_index_reuc_entry {
- unsigned int mode[3];
+ uint32_t mode[3];
git_oid oid[3];
char *path;
} git_index_reuc_entry;
diff --git a/src/index.c b/src/index.c
index 85c2f8e..483f7af 100644
--- a/src/index.c
+++ b/src/index.c
@@ -2135,11 +2135,11 @@ static int read_reuc(git_index *index, const char *buffer, size_t size)
/* read 3 ASCII octal numbers for stage entries */
for (i = 0; i < 3; i++) {
- int tmp;
+ int64_t tmp;
- if (git__strtol32(&tmp, buffer, &endptr, 8) < 0 ||
+ if (git__strtol64(&tmp, buffer, &endptr, 8) < 0 ||
!endptr || endptr == buffer || *endptr ||
- (unsigned)tmp > UINT_MAX) {
+ tmp < 0) {
index_entry_reuc_free(lost);
return index_error_invalid("reading reuc entry stage");
}