diff options
| author | Jeff King <peff@peff.net> | 2015-09-24 17:07:03 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2015-09-25 10:18:18 -0700 |
| commit | 75faa45ae0230b321bf72027b2274315d7e14e34 (patch) | |
| tree | 3b4aa1b362078ba4db498a087f3330ffe7affbd8 /setup.c | |
| parent | b7115a350b5c01ce0ae7a8735e4235d4b2367b5f (diff) | |
| download | git-75faa45ae0230b321bf72027b2274315d7e14e34.tar.gz | |
replace trivial malloc + sprintf / strcpy calls with xstrfmt
It's a common pattern to do:
foo = xmalloc(strlen(one) + strlen(two) + 1 + 1);
sprintf(foo, "%s %s", one, two);
(or possibly some variant with strcpy()s or a more
complicated length computation). We can switch these to use
xstrfmt, which is shorter, involves less error-prone manual
computation, and removes many sprintf and strcpy calls which
make it harder to audit the code for real buffer overflows.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'setup.c')
| -rw-r--r-- | setup.c | 12 |
1 files changed, 3 insertions, 9 deletions
@@ -99,10 +99,7 @@ char *prefix_path_gently(const char *prefix, int len, return NULL; } } else { - sanitized = xmalloc(len + strlen(path) + 1); - if (len) - memcpy(sanitized, prefix, len); - strcpy(sanitized + len, path); + sanitized = xstrfmt("%.*s%s", len, prefix, path); if (remaining_prefix) *remaining_prefix = len; if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix)) { @@ -468,11 +465,8 @@ const char *read_gitfile_gently(const char *path, int *return_error_code) if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) { size_t pathlen = slash+1 - path; - size_t dirlen = pathlen + len - 8; - dir = xmalloc(dirlen + 1); - strncpy(dir, path, pathlen); - strncpy(dir + pathlen, buf + 8, len - 8); - dir[dirlen] = '\0'; + dir = xstrfmt("%.*s%.*s", (int)pathlen, path, + (int)(len - 8), buf + 8); free(buf); buf = dir; } |