summaryrefslogtreecommitdiff
path: root/sha1_name.c
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2015-09-24 17:06:44 -0400
committerJunio C Hamano <gitster@pobox.com>2015-09-25 10:18:18 -0700
commitc3bb0ac796c21490f478914441526817e4685606 (patch)
tree59e6bba21c971116ee5afdf3de2020d54d03d553 /sha1_name.c
parentef1286d3c0ba714c6c2ae87e14edf3c462aef114 (diff)
downloadgit-c3bb0ac796c21490f478914441526817e4685606.tar.gz
find_short_object_filename: convert sprintf to xsnprintf
We use sprintf() to format some hex data into a buffer. The buffer is clearly long enough, and using snprintf here is not necessary. And in fact, it does not really make anything easier to audit, as the size we feed to snprintf accounts for the magic extra 42 bytes found in each alt->name field of struct alternate_object_database (which is there exactly to do this formatting). Still, it is nice to remove an sprintf call and replace it with an xsnprintf and explanatory comment, which makes it easier to audit the code base for overflows. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'sha1_name.c')
-rw-r--r--sha1_name.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/sha1_name.c b/sha1_name.c
index c58b4771c0..80753b6770 100644
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -96,11 +96,15 @@ static void find_short_object_filename(int len, const char *hex_pfx, struct disa
}
fakeent->next = alt_odb_list;
- sprintf(hex, "%.2s", hex_pfx);
+ xsnprintf(hex, sizeof(hex), "%.2s", hex_pfx);
for (alt = fakeent; alt && !ds->ambiguous; alt = alt->next) {
struct dirent *de;
DIR *dir;
- sprintf(alt->name, "%.2s/", hex_pfx);
+ /*
+ * every alt_odb struct has 42 extra bytes after the base
+ * for exactly this purpose
+ */
+ xsnprintf(alt->name, 42, "%.2s/", hex_pfx);
dir = opendir(alt->base);
if (!dir)
continue;