diff panics (integer parse overflow) on an oversized inline context count (`-c<N>`/`-u<N>`/`-C<N>`/`-U<N>`)

[leeewee]

Summary

diff with an inline numeric context count whose digits exceed usize::MAX — e.g. -u99999999999999999999, -c99999999999999999999, --context=…, --unified=…, -C…, -U… — panics and aborts (exit 134). The option parser captures the digit run with a regex, then does numvalue.as_str().parse::<usize>().unwrap(); an out-of-range value makes parse return Err(PosOverflow) and the bare .unwrap() aborts. GNU diff accepts the oversized count (clamps it) and produces the diff normally, exit 1.

Steps to reproduce

$ printf 'a\n' > f1; printf 'b\n' > f2
$ diffutils diff -u99999999999999999999 f1 f2
thread 'main' panicked at src/params.rs:323:73:
called `Result::unwrap()` on an `Err` value: ParseIntError { kind: PosOverflow }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Aborted (core dumped)
$ echo $?
134

The context (-c/-C/--context) forms hit the sibling site src/params.rs:279:

$ diffutils diff -c99999999999999999999 f1 f2
thread 'main' panicked at src/params.rs:279:73:
called `Result::unwrap()` on an `Err` value: ParseIntError { kind: PosOverflow }
$ echo $?
134

Root cause

parse_params in src/params.rs captures the count with a regex \d+/\d*
that does not bound the digit-run length, then unwraps the parse:

// src/params.rs:279 (context) and :323 (unified)
let context = numvalue.as_str().parse::<usize>().unwrap();

A digit string larger than usize::MAX (e.g. 99999999999999999999) parses to Err(ParseIntError { kind: PosOverflow }), and the unconditional .unwrap() aborts.

Found by our static analysis tooling.