path: root/http.c
diff options
authorJeff King <>2017-03-28 19:46:56 (GMT)
committerJunio C Hamano <>2017-03-30 21:59:50 (GMT)
commit1a168e5c86d2c6cbb57429473357bdf1acdec63c (patch)
tree7a22f1e29fad8eb65e1fb7e9eec01bd10c37716b /http.c
parent0dc3b035e03a4028a22cd2a8b5f21086e3227047 (diff)
convert unchecked snprintf into xsnprintf
These calls to snprintf should always succeed, because their input is small and fixed. Let's use xsnprintf to make sure this is the case (and to make auditing for actual truncation easier). These could be candidates for turning into heap buffers, but they fall into a few broad categories that make it not worth doing: - formatting single numbers is simple enough that we can see the result should fit - the size of a sha1 is likewise well-known, and I didn't want to cause unnecessary conflicts with the ongoing process to convert these constants to GIT_MAX_HEXSZ - the interface for curl_errorstr is dictated by curl Signed-off-by: Jeff King <>
Diffstat (limited to 'http.c')
1 files changed, 5 insertions, 5 deletions
diff --git a/http.c b/http.c
index 96d84bb..8d94e2c 100644
--- a/http.c
+++ b/http.c
@@ -1366,9 +1366,9 @@ static int handle_curl_result(struct slot_results *results)
* FAILONERROR it is lost, so we can give only the numeric
* status code.
- snprintf(curl_errorstr, sizeof(curl_errorstr),
- "The requested URL returned error: %ld",
- results->http_code);
+ xsnprintf(curl_errorstr, sizeof(curl_errorstr),
+ "The requested URL returned error: %ld",
+ results->http_code);
if (results->curl_result == CURLE_OK) {
@@ -1410,8 +1410,8 @@ int run_one_slot(struct active_request_slot *slot,
slot->results = results;
if (!start_active_slot(slot)) {
- snprintf(curl_errorstr, sizeof(curl_errorstr),
- "failed to start HTTP request");
+ xsnprintf(curl_errorstr, sizeof(curl_errorstr),
+ "failed to start HTTP request");