path: root/builtin/notes.c
diff options
authorJeff King <>2017-03-28 19:46:50 (GMT)
committerJunio C Hamano <>2017-03-30 21:59:50 (GMT)
commit5b1ef2cef4ff9d3213ec81465b99affb4a7c8083 (patch)
treedca13ceebc0aadd97f91bfcab3299407a10e6523 /builtin/notes.c
parent446d5d911214fd3d61921478c98d4a88f84e410c (diff)
replace unchecked snprintf calls with heap buffers
We'd prefer to avoid unchecked snprintf calls because truncation can lead to unexpected results. These are all cases where truncation shouldn't ever happen, because the input to snprintf is fixed in size. That makes them candidates for xsnprintf(), but it's simpler still to just use the heap, and then nobody has to wonder if "100" is big enough. We'll use xstrfmt() where possible, and a strbuf when we need the resulting size or to reuse the same buffer in a loop. Signed-off-by: Jeff King <>
Diffstat (limited to 'builtin/notes.c')
1 files changed, 4 insertions, 5 deletions
diff --git a/builtin/notes.c b/builtin/notes.c
index 0513f74..7b89147 100644
--- a/builtin/notes.c
+++ b/builtin/notes.c
@@ -554,7 +554,7 @@ static int append_edit(int argc, const char **argv, const char *prefix)
struct notes_tree *t;
unsigned char object[20], new_note[20];
const unsigned char *note;
- char logmsg[100];
+ char *logmsg;
const char * const *usage;
struct note_data d = { 0, 0, NULL, STRBUF_INIT };
struct option options[] = {
@@ -618,17 +618,16 @@ static int append_edit(int argc, const char **argv, const char *prefix)
write_note_data(&d, new_note);
if (add_note(t, object, new_note, combine_notes_overwrite))
die("BUG: combine_notes_overwrite failed");
- snprintf(logmsg, sizeof(logmsg), "Notes added by 'git notes %s'",
- argv[0]);
+ logmsg = xstrfmt("Notes added by 'git notes %s'", argv[0]);
} else {
fprintf(stderr, _("Removing note for object %s\n"),
remove_note(t, object);
- snprintf(logmsg, sizeof(logmsg), "Notes removed by 'git notes %s'",
- argv[0]);
+ logmsg = xstrfmt("Notes removed by 'git notes %s'", argv[0]);
commit_notes(t, logmsg);
+ free(logmsg);
return 0;