patch-id: replace atoi() with strtoi_with_tail

The change is made to improve the error-handling capabilities during the conversion of string to integers. The `strtoi_with_tail` function offers a more robust mechanism for converting strings to integers by providing enhanced error detection. Unlike `atoi`, `strtoi_with_tail` allows the code to differentiate between a valid conversion and an invalid one, offering better resilience against potential issues such as reading hunk header of a corrupted patch. Signed-off-by: Mohit Marathe <mohitmarathe@proton.me>
gitgitgadget · Jan 27, 2024 · ee8f4ae · ee8f4ae
1 parent f09b083
commit ee8f4ae
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/builtin/patch-id.c b/builtin/patch-id.c
@@ -1,3 +1,4 @@
+#include "git-compat-util.h"
 #include "builtin.h"
 #include "config.h"
 #include "diff.h"
@@ -29,14 +30,16 @@ static int scan_hunk_header(const char *p, int *p_before, int *p_after)
 {
 	static const char digits[] = "0123456789";
 	const char *q, *r;
+	char *endp;
 	int n;
 
 	q = p + 4;
 	n = strspn(q, digits);
 	if (q[n] == ',') {
 		q += n + 1;
-		*p_before = atoi(q);
-		n = strspn(q, digits);
+		if (strtoi_with_tail(q, 10, p_before, &endp) != 0)
+			return 0;
+		n = endp - q;
 	} else {
 		*p_before = 1;
 	}
@@ -48,8 +51,9 @@ static int scan_hunk_header(const char *p, int *p_before, int *p_after)
 	n = strspn(r, digits);
 	if (r[n] == ',') {
 		r += n + 1;
-		*p_after = atoi(r);
-		n = strspn(r, digits);
+		if (strtoi_with_tail(r, 10, p_after, &endp) != 0)
+			return 0;
+		n = endp - r;
 	} else {
 		*p_after = 1;
 	}