diff options
author | René Scharfe <rene.scharfe@lsrfire.ath.cx> | 2010-02-08 00:30:20 +0100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2010-02-07 15:40:27 -0800 |
commit | fe12d8e84f745303d64757307e9a6a81a6608018 (patch) | |
tree | 0e0fbad1cb5efcb49c893c5a94f2bcbdc15754af /builtin-archive.c | |
parent | 2b26e0e18907132eaac2a8163de0cac552217082 (diff) | |
download | git-fe12d8e84f745303d64757307e9a6a81a6608018.tar.gz |
archive: simplify archive format guessing
The code to guess an output archive's format consumed any --format
options and built a new one. Jonathan noticed that it does so in an
unsafe way, risking to overflow the static buffer fmt_opt.
Change the code to keep the existing --format options intact and to only
add a new one if a format could be guessed based on the output file name.
The new option is added as the first one, allowing the existing ones to
overrule it, i.e. explicit --format options given on the command line win
over format guesses, as before.
To simplify the code further, format_from_name() is changed to return the
full --format option, thus no potentially dangerous sprintf() calls are
needed any more.
Reported-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin-archive.c')
-rw-r--r-- | builtin-archive.c | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/builtin-archive.c b/builtin-archive.c index 446d6bff30..faf4554d5e 100644 --- a/builtin-archive.c +++ b/builtin-archive.c @@ -67,7 +67,7 @@ static const char *format_from_name(const char *filename) return NULL; ext++; if (!strcasecmp(ext, "zip")) - return "zip"; + return "--format=zip"; return NULL; } @@ -81,7 +81,7 @@ int cmd_archive(int argc, const char **argv, const char *prefix) const char *exec = "git-upload-archive"; const char *output = NULL; const char *remote = NULL; - const char *format = NULL; + const char *format_option = NULL; struct option local_opts[] = { OPT_STRING('o', "output", &output, "file", "write the archive to this file"), @@ -89,33 +89,31 @@ int cmd_archive(int argc, const char **argv, const char *prefix) "retrieve the archive from remote repository <repo>"), OPT_STRING(0, "exec", &exec, "cmd", "path to the remote git-upload-archive command"), - OPT_STRING(0, "format", &format, "fmt", "archive format"), OPT_END() }; - char fmt_opt[32]; argc = parse_options(argc, argv, prefix, local_opts, NULL, PARSE_OPT_KEEP_ALL); if (output) { create_output_file(output); - if (!format) - format = format_from_name(output); + format_option = format_from_name(output); } - if (format) { - sprintf(fmt_opt, "--format=%s", format); - /* - * We have enough room in argv[] to muck it in place, - * because either --format and/or --output must have - * been given on the original command line if we get - * to this point, and parse_options() must have eaten - * it, i.e. we can add back one element to the array. - * But argv[] may contain "--"; we should make it the - * first option. - */ + /* + * We have enough room in argv[] to muck it in place, because + * --output must have been given on the original command line + * if we get to this point, and parse_options() must have eaten + * it, i.e. we can add back one element to the array. + * + * We add a fake --format option at the beginning, with the + * format inferred from our output filename. This way explicit + * --format options can override it, and the fake option is + * inserted before any "--" that might have been given. + */ + if (format_option) { memmove(argv + 2, argv + 1, sizeof(*argv) * argc); - argv[1] = fmt_opt; + argv[1] = format_option; argv[++argc] = NULL; } |