show_ident_date: fix tz range check

Commit 1dca155fe3fa (log: handle integer overflow in
timestamps, 2014-02-24) tried to catch integer overflow
coming from strtol() on the timezone field by comparing against
LONG_MIN/LONG_MAX. However, the intermediate "tz" variable
is an "int", which means it can never be LONG_MAX on LP64
systems; we would truncate the output from strtol before the
comparison.

Clang's -Wtautological-constant-out-of-range-compare notices
this and rightly complains.

Let's instead store the result of strtol in a long, and then
compare it against INT_MIN/INT_MAX. This will catch overflow
from strtol, and also overflow when we pass the result as an
int to show_date.

Reported-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/pretty.c b/pretty.c
index 4da9a682f3bd6f8d5ae40c5eac8af01c87f28496..4d4c1e95625e5758efc8945a67a8ca0776b219fc 100644 (file)
--- a/pretty.c
+++ b/pretty.c
@@ -397,7 +397,7 @@ static const char *show_ident_date(const struct ident_split *ident,
                                   enum date_mode mode)
 {
        unsigned long date = 0;
-       int tz = 0;
+       long tz = 0;
 
        if (ident->date_begin && ident->date_end)
                date = strtoul(ident->date_begin, NULL, 10);
@@ -406,7 +406,7 @@ static const char *show_ident_date(const struct ident_split *ident,
        else {
                if (ident->tz_begin && ident->tz_end)
                        tz = strtol(ident->tz_begin, NULL, 10);
-               if (tz == LONG_MAX || tz == LONG_MIN)
+               if (tz >= INT_MAX || tz <= INT_MIN)
                        tz = 0;
        }
        return show_date(date, tz, mode);