From d05d84c5f507e8b973982e9cf3a27a07cd94fcb8 Mon Sep 17 00:00:00 2001
From: Mirko Faina <mroik@delayed.space>
Date: Mon, 16 Mar 2026 01:51:16 +0100
Subject: apply.c: fix -p argument parsing

"git apply" has an option -p that takes an integer as its argument.
Unfortunately the function apply_option_parse_p() in charge of parsing
this argument uses atoi() to convert from string to integer, which
allows a non-digit after the number (e.g. "1q") to be silently ignored.
As a consequence, an argument that does not begin with a digit silently
becomes a zero. Despite this command working fine when a non-positive
argument is passed, it might be useful for the end user to know that
their input contains non-digits that might've been unintended.

Replace atoi() with strtol_i() to catch malformed inputs.

Signed-off-by: Mirko Faina <mroik@delayed.space>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 apply.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'apply.c')

diff --git a/apply.c b/apply.c
index 3de4aa4d2e..faf75b5449 100644
--- a/apply.c
+++ b/apply.c
@@ -4961,7 +4961,8 @@ static int apply_option_parse_p(const struct option *opt,
 
 	BUG_ON_OPT_NEG(unset);
 
-	state->p_value = atoi(arg);
+	if (strtol_i(arg, 10, &state->p_value) < 0 || state->p_value < 0)
+		die(_("option -p expects a non-negative integer, got '%s'"), arg);
 	state->p_value_known = 1;
 	return 0;
 }
-- 
cgit v1.3-6-g1900