| commit | b7115a350b5c01ce0ae7a8735e4235d4b2367b5f | |
| author | Jeff King <peff@peff.net> | |
| Thu, 24 Sep 2015 21:07:00 +0000 (24 17:07 -0400) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Fri, 25 Sep 2015 17:18:18 +0000 (25 10:18 -0700) | ||
| tree | c61ee7939864a8d3a82abcc26fe803851599f0f4 | treesnapshot (tar.gz zip) |
| parent | 0cc41428596ec1cd3862918ef781793ef7346ba5 | commitdiff |
receive-pack: convert strncpy to xsnprintf
This strncpy is pointless; we pass the strlen() of the src
string, meaning that it works just like a memcpy. Worse,
though, is that the size has no relation to the destination
buffer, meaning it is a potential overflow. In practice,
it's not. We pass only short constant strings like
"warning: " and "error: ", which are much smaller than the
destination buffer.
We can make this much simpler by just using xsnprintf, which
will check for overflow and return the size for our next
vsnprintf, without us having to run a separate strlen().
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This strncpy is pointless; we pass the strlen() of the src
string, meaning that it works just like a memcpy. Worse,
though, is that the size has no relation to the destination
buffer, meaning it is a potential overflow. In practice,
it's not. We pass only short constant strings like
"warning: " and "error: ", which are much smaller than the
destination buffer.
We can make this much simpler by just using xsnprintf, which
will check for overflow and return the size for our next
vsnprintf, without us having to run a separate strlen().
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| builtin/receive-pack.c | diffblobblamehistory |