diff options
| author | Jeff King <peff@peff.net> | 2018-07-13 20:43:50 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2018-07-16 20:59:39 (GMT) |
| commit | 022d2ac1f3f89f5af1e712f72bfc69c716d64926 (patch) | |
| tree | eebe147e971a2617ccc5c5f420a6a79d936ac4b6 /builtin | |
| parent | 297bdf0791540fb3e98676a59828dd8a331d6615 (diff) | |
| download | git-022d2ac1f3f89f5af1e712f72bfc69c716d64926.zip git-022d2ac1f3f89f5af1e712f72bfc69c716d64926.tar.gz git-022d2ac1f3f89f5af1e712f72bfc69c716d64926.tar.bz2 | |
blame: prefer xsnprintf to strcpy for colors
Our color buffers are all COLOR_MAXLEN, which fits the
largest possible color. So we can never overflow the buffer
by copying an existing color. However, using strcpy() makes
it harder to audit the code-base for calls that _are_
problems. We should use something like xsnprintf(), which
shows the reader that we expect this never to fail (and
provides a run-time assertion if it does, just in case).
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin')
| -rw-r--r-- | builtin/blame.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/builtin/blame.c b/builtin/blame.c index dc7870a..758cd39 100644 --- a/builtin/blame.c +++ b/builtin/blame.c @@ -1060,7 +1060,9 @@ parse_done: find_alignment(&sb, &output_option); if (!*repeated_meta_color && (output_option & OUTPUT_COLOR_LINE)) - strcpy(repeated_meta_color, GIT_COLOR_CYAN); + xsnprintf(repeated_meta_color, + sizeof(repeated_meta_color), + "%s", GIT_COLOR_CYAN); } if (output_option & OUTPUT_ANNOTATE_COMPAT) output_option &= ~(OUTPUT_COLOR_LINE | OUTPUT_SHOW_AGE_WITH_COLOR); |