config: properly range-check integer values

When we look at a config value as an integer using the
git_config_int function, we carefully range-check the value
we get and complain if it is out of our range. But the range
we compare to is that of a "long", which we then cast to an
"int" in the function's return value. This means that on
systems where "int" and "long" have different sizes (e.g.,
LP64 systems), we may pass the range check, but then return
nonsense by truncating the value as we cast it to an int.

We can solve this by converting git_parse_long into
git_parse_int, and range-checking the "int" range. Nobody
actually cared that we used a "long" internally, since the
result was truncated anyway. And the only other caller of
git_parse_long is git_config_maybe_bool, which should be
fine to just use int (though we will now forbid out-of-range
nonsense like setting "merge.ff" to "10g" to mean "true",
which is probably a good thing).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/config.c b/config.c
index 19e8229b181c79541b1f811f7d2981be4a6dbc68..d3f71b261eb9c3e612c218bd58499ddd25513702 100644 (file)
--- a/config.c
+++ b/config.c
@@ -515,10 +515,10 @@ int git_parse_unsigned(const char *value, uintmax_t *ret, uintmax_t max)
        return 0;
 }
 
-static int git_parse_long(const char *value, long *ret)
+static int git_parse_int(const char *value, int *ret)
 {
        intmax_t tmp;
-       if (!git_parse_signed(value, &tmp, maximum_signed_value_of_type(long)))
+       if (!git_parse_signed(value, &tmp, maximum_signed_value_of_type(int)))
                return 0;
        *ret = tmp;
        return 1;
@@ -542,8 +542,8 @@ static void die_bad_config(const char *name)
 
 int git_config_int(const char *name, const char *value)
 {
-       long ret = 0;
-       if (!git_parse_long(value, &ret))
+       int ret;
+       if (!git_parse_int(value, &ret))
                die_bad_config(name);
        return ret;
 }
@@ -575,10 +575,10 @@ static int git_config_maybe_bool_text(const char *name, const char *value)
 
 int git_config_maybe_bool(const char *name, const char *value)
 {
-       long v = git_config_maybe_bool_text(name, value);
+       int v = git_config_maybe_bool_text(name, value);
        if (0 <= v)
                return v;
-       if (git_parse_long(value, &v))
+       if (git_parse_int(value, &v))
                return !!v;
        return -1;
 }