convert trivial sprintf / strcpy calls to xsnprintf

We sometimes sprintf into fixed-size buffers when we know that the buffer is large enough to fit the input (either because it's a constant, or because it's numeric input that is bounded in size). Likewise with strcpy of constant strings. However, these sites make it hard to audit sprintf and strcpy calls for buffer overflows, as a reader has to cross-reference the size of the array with the input. Let's use xsnprintf instead, which communicates to a reader that we don't expect this to overflow (and catches the mistake in case we do). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Jeff King <peff@peff.net> 2015-09-24 17:06:08 -0400
committer: Junio C Hamano <gitster@pobox.com> 2015-09-25 10:18:18 -0700
commit: 5096d4909f9b13c7a650d9dbb7c9702ea7413566 (patch)
tree: 07229a8952f2d6782f3064d9dfd1e7855e8e5269 /convert.c
parent: db85a8a9c2fb492d3cd528dbbcc52075c607cf79 (diff)
download: git-5096d4909f9b13c7a650d9dbb7c9702ea7413566.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/convert.c b/convert.c
index f3bd3e93fb..814e814438 100644
--- a/convert.c
+++ b/convert.c
@@ -1289,7 +1289,8 @@ static struct stream_filter *ident_filter(const unsigned char *sha1)
 {
 	struct ident_filter *ident = xmalloc(sizeof(*ident));
 
-	sprintf(ident->ident, ": %s $", sha1_to_hex(sha1));
+	xsnprintf(ident->ident, sizeof(ident->ident),
+		  ": %s $", sha1_to_hex(sha1));
 	strbuf_init(&ident->left, 0);
 	ident->filter.vtbl = &ident_vtbl;
 	ident->state = 0;
author	Jeff King <peff@peff.net>	2015-09-24 17:06:08 -0400
committer	Junio C Hamano <gitster@pobox.com>	2015-09-25 10:18:18 -0700
commit	5096d4909f9b13c7a650d9dbb7c9702ea7413566 (patch)
tree	07229a8952f2d6782f3064d9dfd1e7855e8e5269 /convert.c
parent	db85a8a9c2fb492d3cd528dbbcc52075c607cf79 (diff)
download	git-5096d4909f9b13c7a650d9dbb7c9702ea7413566.tar.gz