Am 17.06.19 um 00:26 schrieb Junio C Hamano:
> René Scharfe <l.s.r@xxxxxx> writes:
>
>>>>> To fix it, let's just "unroll" the function (i.e. negate the value if it
>>>>> is negative).
>>>>
>>>> There's also imaxabs(3).
>
> That may be true, but seeing that some platforms wants to see
> intmax_t defined in the compat/ layer, I suspect we cannot avoid
> having a copy of unrolled implementation somewhere in our code.
Right. And if we later decide to give it a name then we could ask
Coccinelle to find the places that need converting with a semantic
patch like this:
@@
intmax_t i;
@@
- i < 0 ? -i : i
+ imaxabs(i)
Side note: I was surprised to find that I added those labs(3) calls, in
83915ba521 ("use labs() for variables of type long instead of abs()",
2014-11-15). Sloppy. :-/
> A patch to use unsigned_mult_overflows() here, on top of the
> "unrolled imaxabs" patch we reviewed, would be good to tie a loose
> end.
How about this?
-- >8 --
Subject: [PATCH] config: simplify unit suffix handling
parse_unit_factor() checks if a K, M or G is present after a number and
multiplies it by 2^10, 2^20 or 2^30, respectively. One of its callers
checks if the result is smaller than the number alone to detect
overflows. The other one passes 1 as the number and does multiplication
and overflow check itself in a similar manner.
This works, but is inconsistent, and it would break if we added support
for a bigger unit factor. E.g. 16777217T expands to 2^64 + 2^40, which
is too big for a 64-bit number. Modulo 2^64 we get 2^40 == 1TB, which
is bigger than the raw number 16777217 == 2^24 + 1, so the overflow
would go undetected by that method.
Move the multiplication out of parse_unit_factor() and rename it to
get_unit_factor() to signify its reduced functionality. This partially
reverts c8deb5a146 ("Improve error messages when int/long cannot be
parsed from config", 2007-12-25), but keeps the improved error messages.
Use a return value of 0 to signal an invalid suffix.
And use unsigned_mult_overflows to check for an overflow *before* doing
the actual multiplication, which is simpler and can deal with larger
unit factors.
Signed-off-by: Rene Scharfe <l.s.r@xxxxxx>
---
Patch generated with --function-context for easier reviewing.
config.c | 39 ++++++++++++++++++---------------------
1 file changed, 18 insertions(+), 21 deletions(-)
diff --git a/config.c b/config.c
index 01c6e9df23..61a8bbb5cd 100644
--- a/config.c
+++ b/config.c
@@ -834,51 +834,46 @@ static int git_parse_source(config_fn_t fn, void *data,
return error_return;
}
-static int parse_unit_factor(const char *end, uintmax_t *val)
+static uintmax_t get_unit_factor(const char *end)
{
if (!*end)
return 1;
- else if (!strcasecmp(end, "k")) {
- *val *= 1024;
- return 1;
- }
- else if (!strcasecmp(end, "m")) {
- *val *= 1024 * 1024;
- return 1;
- }
- else if (!strcasecmp(end, "g")) {
- *val *= 1024 * 1024 * 1024;
- return 1;
- }
+ if (!strcasecmp(end, "k"))
+ return 1024;
+ if (!strcasecmp(end, "m"))
+ return 1024 * 1024;
+ if (!strcasecmp(end, "g"))
+ return 1024 * 1024 * 1024;
return 0;
}
static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
{
if (value && *value) {
char *end;
intmax_t val;
uintmax_t uval;
- uintmax_t factor = 1;
+ uintmax_t factor;
errno = 0;
val = strtoimax(value, &end, 0);
if (errno == ERANGE)
return 0;
- if (!parse_unit_factor(end, &factor)) {
+ factor = get_unit_factor(end);
+ if (!factor) {
errno = EINVAL;
return 0;
}
uval = val < 0 ? -val : val;
- uval *= factor;
- if (uval > max || (val < 0 ? -val : val) > uval) {
+ if (unsigned_mult_overflows(factor, uval) ||
+ factor * uval > max) {
errno = ERANGE;
return 0;
}
val *= factor;
*ret = val;
return 1;
}
errno = EINVAL;
return 0;
}
@@ -886,26 +881,28 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max)
static int git_parse_unsigned(const char *value, uintmax_t *ret, uintmax_t max)
{
if (value && *value) {
char *end;
uintmax_t val;
- uintmax_t oldval;
+ uintmax_t factor;
errno = 0;
val = strtoumax(value, &end, 0);
if (errno == ERANGE)
return 0;
- oldval = val;
- if (!parse_unit_factor(end, &val)) {
+ factor = get_unit_factor(end);
+ if (!factor) {
errno = EINVAL;
return 0;
}
- if (val > max || oldval > val) {
+ if (unsigned_mult_overflows(factor, val) ||
+ factor * val > max) {
errno = ERANGE;
return 0;
}
+ val *= factor;
*ret = val;
return 1;
}
errno = EINVAL;
return 0;
}
--
2.22.0
