authorJunio C Hamano <gitster@pobox.com>2025-02-10 10:18:30 -0800
committerJunio C Hamano <gitster@pobox.com>2025-02-10 10:18:30 -0800
commit34736ff48e684dac08bacdad60db41219ce1c520 (patch)
tree24378b85a4c8ccba59a7290096600d003ac3f5c2
parent442b7e0018fac61874a8423270e8fee2c0c7e689 (diff)
parenta206058fdaab6274ae7b9bdca274011efba74e11 (diff)
downloadgit-34736ff48e684dac08bacdad60db41219ce1c520.tar.gz
Merge branch 'pw/apply-ulong-overflow-check'
"git apply" internally uses unsigned long for line numbers and uses strtoul() to parse numbers on the hunk headers. It however forgot to check parse errors. * pw/apply-ulong-overflow-check: apply: detect overflow when parsing hunk header
-rw-r--r--apply.c3
-rwxr-xr-xt/t4100-apply-stat.sh13
2 files changed, 16 insertions, 0 deletions
diff --git a/apply.c b/apply.c
index 4a7b6120ac..b124678b93 100644
--- a/apply.c
+++ b/apply.c
@@ -1423,7 +1423,10 @@ static int parse_num(const char *line, unsigned long *p)
if (!isdigit(*line))
return 0;
+ errno = 0;
*p = strtoul(line, &ptr, 10);
+ if (errno)
+ return 0;
return ptr - line;
}
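Review bot: In parse_num, `*p` is still written by `strtoul` before the new `errno` check, so on overflow the caller's variable holds ULONG_MAX even though the function returns 0. That is safe only if every caller tests the return value before reading `*p`, which this hunk does not show; parsing into a local and storing on success removes that dependency: `unsigned long v = strtoul(line, &ptr, 10); if (errno) return 0; *p = v;`. The check also rejects only values above ULONG_MAX, so very large in-range line numbers are still accepted and any later arithmetic on them presumably needs its own bounds checks. The function's opening lines, including the declaration of `ptr`, are outside the hunk.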
diff --git a/t/t4100-apply-stat.sh b/t/t4100-apply-stat.sh
index 146e73d8f5..a5664f3eb3 100755
--- a/t/t4100-apply-stat.sh
+++ b/t/t4100-apply-stat.sh
@@ -38,4 +38,17 @@ incomplete (1)
incomplete (2)
EOF
+test_expect_success 'applying a hunk header which overflows fails' '
+ cat >patch <<-\EOF &&
+ diff -u a/file b/file
+ --- a/file
+ +++ b/file
+ @@ -98765432109876543210 +98765432109876543210 @@
+ -a
+ +b
+ EOF
+ test_must_fail git apply patch 2>err &&
+ echo "error: corrupt patch at line 4" >expect &&
+ test_cmp expect err
+'
test_done
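Review bot: The new test puts the overflowing value in both start positions of the hunk header, so it cannot show which field was rejected, and it never exercises a line-count field after a comma. If counts go through the same parser, which is not visible here, a second case such as `@@ -1,98765432109876543210 +1 @@` would confirm the check covers them too. The chosen value exceeds 2^64, so the test should fail the same way on platforms with 32-bit and 64-bit `unsigned long`; a short comment in the test saying so would keep a later editor from shrinking it.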