From a206058fdaab6274ae7b9bdca274011efba74e11 Mon Sep 17 00:00:00 2001
From: Phillip Wood <phillip.wood@dunelm.org.uk>
Date: Thu, 30 Jan 2025 11:08:30 +0000
Subject: apply: detect overflow when parsing hunk header

"git apply" uses strtoul() to parse the numbers in the hunk header but
silently ignores overflows. As LONG_MAX is a legitimate return value for
strtoul() we need to set errno to zero before the call to strtoul() and
check that it is still zero afterwards. The error message we display is
not particularly helpful as it does not say what was wrong.  However, it
seems pretty unlikely that users are going to trigger this error in
practice and we can always improve it later if needed.

Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 apply.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'apply.c')

diff --git a/apply.c b/apply.c
index 7608e3301c..e3b98b0731 100644
--- a/apply.c
+++ b/apply.c
@@ -1426,7 +1426,10 @@ static int parse_num(const char *line, unsigned long *p)
 
 	if (!isdigit(*line))
 		return 0;
+	errno = 0;
 	*p = strtoul(line, &ptr, 10);
+	if (errno)
+		return 0;
 	return ptr - line;
 }
 
-- 
cgit v1.3-6-g1900