blame: prefer xsnprintf to strcpy for colors

Our color buffers are all COLOR_MAXLEN, which fits the
largest possible color. So we can never overflow the buffer
by copying an existing color. However, using strcpy() makes
it harder to audit the code-base for calls that _are_
problems. We should use something like xsnprintf(), which
shows the reader that we expect this never to fail (and
provides a run-time assertion if it does, just in case).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin/blame.c b/builtin/blame.c
index dc7870a56172b6aedd15df5a3dd21485442c1077..758cd39dd17b428b780c8e6d336cba8b86a67ea4 100644 (file)
--- a/builtin/blame.c
+++ b/builtin/blame.c
@@ -1060,7 +1060,9 @@ parse_done:
                find_alignment(&sb, &output_option);
                if (!*repeated_meta_color &&
                    (output_option & OUTPUT_COLOR_LINE))
-                       strcpy(repeated_meta_color, GIT_COLOR_CYAN);
+                       xsnprintf(repeated_meta_color,
+                                 sizeof(repeated_meta_color),
+                                 "%s", GIT_COLOR_CYAN);
        }
        if (output_option & OUTPUT_ANNOTATE_COMPAT)
                output_option &= ~(OUTPUT_COLOR_LINE | OUTPUT_SHOW_AGE_WITH_COLOR);