On Tue, Feb 13, 2024, at 20:27, Rubén Justo wrote:
> * P.D. *
>
> Thinking about this in a more general way, I've found that this kind
> of error has hit us several times:
>
>   - 953aa54e1a (pack-objects: clamp negative window size to 0, 2021-05-01)
>   - 6d52b6a5df (pack-objects: clamp negative depth to 0, 2021-05-01)
>
> Maybe the source of this error is how easy it is to forget that
> OPT_INTEGER can accept negative values (after all, that's what an
> integer is).
>
> There are not many users of OPT_INTEGER, and a quick check gives me
> the impression (maybe wrong...) that many of them do not expect
> negative values.
>
> Maybe we should consider having an OPT_INTEGER that fails if the
> value supplied is negative.  Ideally, some kind of opt-in machinery
> could be desirable, I think, for example to include/exclude:
>
>   - negative values
>   - "0" ( may not be a desired value )
>   - "-1" ( may have some special meaning )
>   - ...
>
> I'll leave the idea here, just in case it inspires someone.  Thank
> you.

Thanks to both for providing a wider perspective on guarding against
such bugs.

And this is an excellent point. I don’t know anything about the opt-args
implementation but it would be great to guard against user-supplied
values through the option parsing library.

Cheers

-- 
Kristoffer Haugsbakk
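
The opt-in idea discussed in this thread, sketched as a stand-alone C helper. This is an added example, not code from the thread or from Git's parse-options API; `parse_int_opt` and the `INT_OPT_*` flags are hypothetical names, and the default is to reject negative values and zero unless the caller opts in.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical opt-in flags; not part of Git's parse-options API. */
#define INT_OPT_NEGATIVE  (1u << 0) /* accept any value below zero */
#define INT_OPT_ZERO      (1u << 1) /* accept 0 */
#define INT_OPT_MINUS_ONE (1u << 2) /* accept -1 only, as a sentinel */

/*
 * Parse arg as a decimal int. *out is written only when the value is
 * accepted. Returns 0 on success, -1 on malformed, out-of-range or
 * disallowed input.
 */
int parse_int_opt(const char *arg, unsigned allow, int *out)
{
	char *end;
	long v;

	if (!arg)
		return -1;
	errno = 0;
	v = strtol(arg, &end, 10);
	/* Reject empty input, trailing junk and long overflow. */
	if (end == arg || *end != '\0' || errno == ERANGE)
		return -1;
	/* Reject values that would be truncated when stored in an int. */
	if (v < INT_MIN || v > INT_MAX)
		return -1;
	if (v == 0 && !(allow & INT_OPT_ZERO))
		return -1;
	if (v < 0 && !(allow & INT_OPT_NEGATIVE) &&
	    !(v == -1 && (allow & INT_OPT_MINUS_ONE)))
		return -1;
	*out = (int)v;
	return 0;
}

int main(void)
{
	/* Constructed sample inputs, as a user might pass on a command line. */
	const char *samples[] = { "10", "0", "-1", "-5", "12abc" };
	int depth = 50; /* default kept when the input is rejected */

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int rc = parse_int_opt(samples[i], INT_OPT_MINUS_ONE, &depth);
		printf("%-6s -> %s (depth=%d)\n", samples[i],
		       rc ? "rejected" : "accepted", depth);
	}
	return 0;
}
```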