Re: [PATCH 4/4] dir.c: avoid "exceeds maximum object size" error with GCC v12.x

Hi Ævar,

On Tue, 24 May 2022, Ævar Arnfjörð Bjarmason wrote:

>
> On Tue, May 24 2022, Johannes Schindelin via GitGitGadget wrote:
>
> > From: Johannes Schindelin <johannes.schindelin@xxxxxx>
> >
> > Technically, the pointer difference `end - start` _could_ be negative,
> > and when cast to an (unsigned) `size_t` that would cause problems. In
> > this instance, the symptom is:
> >
> > dir.c: In function 'git_url_basename':
> > dir.c:3087:13: error: 'memchr' specified bound [9223372036854775808, 0]
> >        exceeds maximum object size 9223372036854775807
> >        [-Werror=stringop-overread]
> >     CC ewah/bitmap.o
> >  3087 |         if (memchr(start, '/', end - start) == NULL
> >       |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > While it is a bit far-fetched to think that `end` (which is defined as
> > `repo + strlen(repo)`) and `start` (which starts at `repo` and never
> > steps beyond the NUL terminator) could result in such a negative
> > difference, GCC has no way of knowing that.
> >
> > See also https://gcc.gnu.org/bugzilla//show_bug.cgi?id=85783.
> >
> > Let's just add a safety check, primarily for GCC's benefit.
> >
> > Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx>
> > ---
> >  dir.c | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/dir.c b/dir.c
> > index 5aa6fbad0b7..ea78f606230 100644
> > --- a/dir.c
> > +++ b/dir.c
> > @@ -3076,6 +3076,15 @@ char *git_url_basename(const char *repo, int is_bundle, int is_bare)
> >  			end--;
> >  	}
> >
> > +	/*
> > +	 * It should not be possible to overflow `ptrdiff_t` by passing in an
> > +	 * insanely long URL, but GCC does not know that and will complain
> > +	 * without this check.
> > +	 */
> > +	if (end - start < 0)
> > +		die(_("No directory name could be guessed.\n"
>
> This should start with a lower-case letter, see CodingGuidelines.

This message is copied from existing code later in the same function.
Since it is a translatable message, I do not want to edit it because that
would cause unnecessary work for the translators. Especially given that we
do not even expect this message to be shown, ever, but we only add this
hunk for GCC's benefit.

Thank you,
Johannes

>
> > +		      "Please specify a directory on the command line"));
> > +
> >  	/*
> >  	 * Strip trailing port number if we've got only a
> >  	 * hostname (that is, there is no dir separator but a
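Review bot: the comment on the added lines states that the inverted range cannot happen, yet the branch reports it with a user-facing, translated die() message borrowed from later in the function; a broken internal invariant is better signalled with BUG() than with advice to "specify a directory on the command line", which would mislead the user if it ever fired. If the only goal is to satisfy GCC, comparing the pointers directly (`if (end < start)`) also sidesteps the signed-to-unsigned conversion of `end - start` that the stringop-overread diagnostic is about.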
>
>
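The hazard the commit message describes, as an added example that is not git's dir.c nor any code from the thread: `range_has_slash()` is a constructed stand-in for the flagged `memchr()` call, and `url_has_inner_slash()` imitates only the shape of the loop that precedes the patched hunk (end starts at the NUL terminator and steps back over trailing slashes). The guard runs before `end - start` is ever converted to `size_t`, which is the conversion that turns a negative `ptrdiff_t` into the huge bound GCC reports.

```c
#include <stddef.h>
#include <string.h>

/*
 * Constructed example: a guarded version of the memchr() call that GCC
 * flagged. Returns 1 if a '/' lies in [start, end), 0 if it does not,
 * and -1 if the range is inverted. The inverted case is exactly what
 * must never reach memchr(): (size_t)(end - start) would then be a
 * value near SIZE_MAX, and memchr() would read far past the buffer.
 */
int range_has_slash(const char *start, const char *end)
{
    if (end < start)
        return -1;  /* broken invariant: refuse before the cast to size_t */
    return memchr(start, '/', (size_t)(end - start)) != NULL;
}

/*
 * Imitates the shape of the loop before the patched hunk (hypothetical
 * helper, not git's git_url_basename()): `end` begins at the terminator
 * and walks back over trailing slashes, so it can never pass `start`.
 */
int url_has_inner_slash(const char *repo)
{
    const char *start = repo;
    const char *end = repo + strlen(repo);

    while (end > start && end[-1] == '/')
        end--;
    return range_has_slash(start, end);
}
```

Because `end` only ever moves back while it is still greater than `start`, the `-1` branch is unreachable through `url_has_inner_slash()`; it can only be hit by calling `range_has_slash()` with the pointers swapped, which is the situation the patch's check exists to make explicit for the compiler.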
