apply.c: fix -p argument parsing

"git apply" has an option -p that takes an integer as its argument. Unfortunately the function apply_option_parse_p() in charge of parsing this argument uses atoi() to convert from string to integer, which allows a non-digit after the number (e.g. "1q") to be silently ignored. As a consequence, an argument that does not begin with a digit silently becomes a zero. Despite this command working fine when a non-positive argument is passed, it might be useful for the end user to know that their input contains non-digits that might've been unintended. Replace atoi() with strtol_i() to catch malformed inputs. Signed-off-by: Mirko Faina <mroik@delayed.space> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2026-03-11 09:29:49 +01:00 · 2026-03-10 06:06:15 +01:00
parent 67ad42147a
commit bb889238a5
3 changed files with 38 additions and 1 deletions
--- a/apply.c
+++ b/apply.c
@@ -4961,7 +4961,8 @@ static int apply_option_parse_p(const struct option *opt,

 	BUG_ON_OPT_NEG(unset);

-	state->p_value = atoi(arg);
+	if (strtol_i(arg, 10, &state->p_value) < 0 || state->p_value < 0)
+		die("<num> has to be a non-negative integer");
 	state->p_value_known = 1;
 	return 0;
 }
--- a/t/t4120-apply-popt.sh
+++ b/t/t4120-apply-popt.sh
@@ -23,6 +23,27 @@ test_expect_success setup '
 	rmdir süb
 '

+test_expect_success 'git apply -p 1 patch' '
+	test_when_finished "rm -rf t" &&
+	git apply -p 1 $TEST_DIRECTORY/t4120/patch &&
+	test_path_is_dir t
+'
+
+test_expect_success 'apply fails due to non-num -p' '
+	test_when_finished "rm -rf t test" &&
+	test_must_fail git apply -p malformed $TEST_DIRECTORY/t4120/patch
+'
+
+test_expect_success 'apply fails due to trailing non-digit in -p' '
+	test_when_finished "rm -rf t test" &&
+	test_must_fail git apply -p 2q $TEST_DIRECTORY/t4120/patch
+'
+
+test_expect_success 'apply fails due to negative number in -p' '
+	test_when_finished "rm -rf t test" &&
+	test_must_fail git apply -p -1 $TEST_DIRECTORY/t4120/patch
+'
+
 test_expect_success 'apply git diff with -p2' '
 	cp file1.saved file1 &&
 	git apply -p2 patch.file
--- a/t/t4120/patch
+++ b/t/t4120/patch
@@ -0,0 +1,15 @@
+From 90ad11d5b2d437e82d4d992f72fb44c2227798b5 Mon Sep 17 00:00:00 2001
+From: Mroik <mroik@delayed.space>
+Date: Mon, 9 Mar 2026 23:25:00 +0100
+Subject: [PATCH] Test
+
+---
+ t/test/test | 0
+ 1 file changed, 0 insertions(+), 0 deletions(-)
+ create mode 100644 t/test/test
+
+diff --git a/t/test/test b/t/test/test
+new file mode 100644
+index 0000000000..e69de29bb2
+--
+2.53.0.851.ga537e3e6e9