It is currently declared to return int, which could overflow for large
files.
Signed-off-by: Michael Haggerty <mhagger@xxxxxxxxxxxx>
---
This patch is against maint, but it also rebases against master
without conflict.
I couldn't find any way to exploit this bug. Most callers only use
this function for locally-generated files in the first place. And the
correct length of the file is available in strbuf::len, so most
callers only use the return value for a "< 0" check. And they don't do
anything risky on the error path.
strbuf.c | 5 +++--
strbuf.h | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/strbuf.c b/strbuf.c
index 88cafd4..b4da9f5 100644
--- a/strbuf.c
+++ b/strbuf.c
@@ -481,9 +481,10 @@ int strbuf_getwholeline_fd(struct strbuf *sb, int fd, int term)
return 0;
}
-int strbuf_read_file(struct strbuf *sb, const char *path, size_t hint)
+ssize_t strbuf_read_file(struct strbuf *sb, const char *path, size_t hint)
{
- int fd, len;
+ int fd;
+ ssize_t len;
fd = open(path, O_RDONLY);
if (fd < 0)
diff --git a/strbuf.h b/strbuf.h
index 1883494..1ea9d0b 100644
--- a/strbuf.h
+++ b/strbuf.h
@@ -364,7 +364,7 @@ extern ssize_t strbuf_read(struct strbuf *, int fd, size_t hint);
* Read the contents of a file, specified by its path. The third argument
* can be used to give a hint about the file size, to avoid reallocs.
*/
-extern int strbuf_read_file(struct strbuf *sb, const char *path, size_t hint);
+extern ssize_t strbuf_read_file(struct strbuf *sb, const char *path, size_t hint);
/**
* Read the target of a symbolic link, specified by its path. The third
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html