diff options
author | Jeff King <peff@peff.net> | 2015-09-24 17:06:44 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-09-25 10:18:18 -0700 |
commit | c3bb0ac796c21490f478914441526817e4685606 (patch) | |
tree | 59e6bba21c971116ee5afdf3de2020d54d03d553 /sha1_name.c | |
parent | ef1286d3c0ba714c6c2ae87e14edf3c462aef114 (diff) | |
download | git-c3bb0ac796c21490f478914441526817e4685606.tar.gz |
find_short_object_filename: convert sprintf to xsnprintf
We use sprintf() to format some hex data into a buffer. The
buffer is clearly long enough, and using snprintf here is
not necessary. And in fact, it does not really make anything
easier to audit, as the size we feed to snprintf accounts
for the magic extra 42 bytes found in each alt->name field
of struct alternate_object_database (which is there exactly
to do this formatting).
Still, it is nice to remove an sprintf call and replace it
with an xsnprintf and explanatory comment, which makes it
easier to audit the code base for overflows.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'sha1_name.c')
-rw-r--r-- | sha1_name.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sha1_name.c b/sha1_name.c index c58b4771c0..80753b6770 100644 --- a/sha1_name.c +++ b/sha1_name.c @@ -96,11 +96,15 @@ static void find_short_object_filename(int len, const char *hex_pfx, struct disa } fakeent->next = alt_odb_list; - sprintf(hex, "%.2s", hex_pfx); + xsnprintf(hex, sizeof(hex), "%.2s", hex_pfx); for (alt = fakeent; alt && !ds->ambiguous; alt = alt->next) { struct dirent *de; DIR *dir; - sprintf(alt->name, "%.2s/", hex_pfx); + /* + * every alt_odb struct has 42 extra bytes after the base + * for exactly this purpose + */ + xsnprintf(alt->name, 42, "%.2s/", hex_pfx); dir = opendir(alt->base); if (!dir) continue; |