René Scharfe <l.s.r@xxxxxx> writes: > How about this? Sounds sensible. > -- >8 -- > Subject: [PATCH] config: simplify unit suffix handling > > parse_unit_factor() checks if a K, M or G is present after a number and > multiplies it by 2^10, 2^20 or 2^30, respectively. One of its callers > checks if the result is smaller than the number alone to detect > overflows. The other one passes 1 as the number and does multiplication > and overflow check itself in a similar manner. > > This works, but is inconsistent, and it would break if we added support > for a bigger unit factor. E.g. 16777217T expands to 2^64 + 2^40, which > is too big for a 64-bit number. Modulo 2^64 we get 2^40 == 1TB, which > is bigger than the raw number 16777217 == 2^24 + 1, so the overflow > would go undetected by that method. > > Move the multiplication out of parse_unit_factor() and rename it to > get_unit_factor() to signify its reduced functionality. This partially > reverts c8deb5a146 ("Improve error messages when int/long cannot be > parsed from config", 2007-12-25), but keeps the improved error messages. > Use a return value of 0 to signal an invalid suffix. > > And use unsigned_mult_overflows to check for an overflow *before* doing > the actual multiplication, which is simpler and can deal with larger > unit factors. > > Signed-off-by: Rene Scharfe <l.s.r@xxxxxx> > --- > Patch generated with --function-context for easier reviewing. > > config.c | 39 ++++++++++++++++++--------------------- > 1 file changed, 18 insertions(+), 21 deletions(-) > > diff --git a/config.c b/config.c > index 01c6e9df23..61a8bbb5cd 100644 > --- a/config.c > +++ b/config.c > @@ -834,51 +834,46 @@ static int git_parse_source(config_fn_t fn, void *data, > return error_return; > } > > -static int parse_unit_factor(const char *end, uintmax_t *val) > +static uintmax_t get_unit_factor(const char *end) > { > if (!*end) > return 1; > - else if (!strcasecmp(end, "k")) { > - *val *= 1024; > - return 1; > - } > - else if (!strcasecmp(end, "m")) { > - *val *= 1024 * 1024; > - return 1; > - } > - else if (!strcasecmp(end, "g")) { > - *val *= 1024 * 1024 * 1024; > - return 1; > - } > + if (!strcasecmp(end, "k")) > + return 1024; > + if (!strcasecmp(end, "m")) > + return 1024 * 1024; > + if (!strcasecmp(end, "g")) > + return 1024 * 1024 * 1024; > return 0; > } > > static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max) > { > if (value && *value) { > char *end; > intmax_t val; > uintmax_t uval; > - uintmax_t factor = 1; > + uintmax_t factor; > > errno = 0; > val = strtoimax(value, &end, 0); > if (errno == ERANGE) > return 0; > - if (!parse_unit_factor(end, &factor)) { > + factor = get_unit_factor(end); > + if (!factor) { > errno = EINVAL; > return 0; > } > uval = val < 0 ? -val : val; > - uval *= factor; > - if (uval > max || (val < 0 ? -val : val) > uval) { > + if (unsigned_mult_overflows(factor, uval) || > + factor * uval > max) { > errno = ERANGE; > return 0; > } > val *= factor; > *ret = val; > return 1; > } > errno = EINVAL; > return 0; > } > @@ -886,26 +881,28 @@ static int git_parse_signed(const char *value, intmax_t *ret, intmax_t max) > static int git_parse_unsigned(const char *value, uintmax_t *ret, uintmax_t max) > { > if (value && *value) { > char *end; > uintmax_t val; > - uintmax_t oldval; > + uintmax_t factor; > > errno = 0; > val = strtoumax(value, &end, 0); > if (errno == ERANGE) > return 0; > - oldval = val; > - if (!parse_unit_factor(end, &val)) { > + factor = get_unit_factor(end); > + if (!factor) { > errno = EINVAL; > return 0; > } > - if (val > max || oldval > val) { > + if (unsigned_mult_overflows(factor, val) || > + factor * val > max) { > errno = ERANGE; > return 0; > } > + val *= factor; > *ret = val; > return 1; > } > errno = EINVAL; > return 0; > } > -- > 2.22.0