patch-id: replace atoi() with strtol_i2()

The change is made to improve the error-handling capabilities during the conversion of string representations to integers. The `strtol_i2(` function offers a more robust mechanism for converting strings to integers by providing enhanced error detection. Unlike `atoi(`, `strtol_i2(` allows the code to differentiate between a valid conversion and an invalid one, offering better resilience against potential issues such as reading hunk header of a corrupted patch. Signed-off-by: Mohit Marathe <[email protected]>
gitgitgadget · Jan 24, 2024 · 2dddb73 · 2dddb73
1 parent 6baa460
commit 2dddb73
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/builtin/patch-id.c b/builtin/patch-id.c
@@ -1,3 +1,4 @@
+#include "git-compat-util.h"
 #include "builtin.h"
 #include "config.h"
 #include "diff.h"
@@ -29,13 +30,15 @@ static int scan_hunk_header(const char *p, int *p_before, int *p_after)
 {
 	static const char digits[] = "0123456789";
 	const char *q, *r;
+	char *endp;
 	int n;
 
 	q = p + 4;
 	n = strspn(q, digits);
 	if (q[n] == ',') {
 		q += n + 1;
-		*p_before = atoi(q);
+		if (strtol_i2(q, 10, p_before, &endp) != 0)
+			return 0;
 		n = strspn(q, digits);
 	} else {
 		*p_before = 1;
@@ -48,7 +51,8 @@ static int scan_hunk_header(const char *p, int *p_before, int *p_after)
 	n = strspn(r, digits);
 	if (r[n] == ',') {
 		r += n + 1;
-		*p_after = atoi(r);
+		if (strtol_i2(r, 10, p_after, &endp) != 0)
+			return 0;
 		n = strspn(r, digits);
 	} else {
 		*p_after = 1;