diff options
| author | Jeff King <peff@peff.net> | 2015-09-24 21:06:08 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2015-09-25 17:18:18 (GMT) |
| commit | 5096d4909f9b13c7a650d9dbb7c9702ea7413566 (patch) | |
| tree | 07229a8952f2d6782f3064d9dfd1e7855e8e5269 /builtin/gc.c | |
| parent | db85a8a9c2fb492d3cd528dbbcc52075c607cf79 (diff) | |
| download | git-5096d4909f9b13c7a650d9dbb7c9702ea7413566.zip git-5096d4909f9b13c7a650d9dbb7c9702ea7413566.tar.gz git-5096d4909f9b13c7a650d9dbb7c9702ea7413566.tar.bz2 | |
convert trivial sprintf / strcpy calls to xsnprintf
We sometimes sprintf into fixed-size buffers when we know
that the buffer is large enough to fit the input (either
because it's a constant, or because it's numeric input that
is bounded in size). Likewise with strcpy of constant
strings.
However, these sites make it hard to audit sprintf and
strcpy calls for buffer overflows, as a reader has to
cross-reference the size of the array with the input. Let's
use xsnprintf instead, which communicates to a reader that
we don't expect this to overflow (and catches the mistake in
case we do).
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/gc.c')
| -rw-r--r-- | builtin/gc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/builtin/gc.c b/builtin/gc.c index 0ad8d30..57584bc 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -194,7 +194,7 @@ static const char *lock_repo_for_gc(int force, pid_t* ret_pid) return NULL; if (gethostname(my_host, sizeof(my_host))) - strcpy(my_host, "unknown"); + xsnprintf(my_host, sizeof(my_host), "unknown"); pidfile_path = git_pathdup("gc.pid"); fd = hold_lock_file_for_update(&lock, pidfile_path, |