From: Junio C Hamano Date: Wed, 30 May 2018 12:51:27 +0000 (+0900) Subject: Merge branch 'jk/snprintf-truncation' X-Git-Tag: v2.18.0-rc0~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c3d15fe3113cf48db60656eedd152c46f47bf6b;p=thirdparty%2Fgit.git Merge branch 'jk/snprintf-truncation' Avoid unchecked snprintf() to make future code auditing easier. * jk/snprintf-truncation: fmt_with_err: add a comment that truncation is OK shorten_unambiguous_ref: use xsnprintf fsmonitor: use internal argv_array of struct child_process log_write_email_headers: use strbufs http: use strbufs instead of fixed buffers --- 7c3d15fe3113cf48db60656eedd152c46f47bf6b diff --cc http.c index d9155972d6,fc5fff90a7..deea47411a --- a/http.c +++ b/http.c @@@ -2105,9 -2110,9 +2106,9 @@@ int finish_http_pack_request(struct htt lst = &((*lst)->next); *lst = (*lst)->next; - if (!strip_suffix(preq->tmpfile, ".pack.temp", &len)) + if (!strip_suffix(preq->tmpfile.buf, ".pack.temp", &len)) - die("BUG: pack tmpfile does not end in .pack.temp?"); + BUG("pack tmpfile does not end in .pack.temp?"); - tmp_idx = xstrfmt("%.*s.idx.temp", (int)len, preq->tmpfile); + tmp_idx = xstrfmt("%.*s.idx.temp", (int)len, preq->tmpfile.buf); argv_array_push(&ip.args, "index-pack"); argv_array_pushl(&ip.args, "-o", tmp_idx, NULL); @@@ -2244,14 -2251,13 +2247,13 @@@ struct http_object_request *new_http_ob hashcpy(freq->sha1, sha1); freq->localfile = -1; - sha1_file_name(&filename, sha1); + sha1_file_name(the_repository, &filename, sha1); - snprintf(freq->tmpfile, sizeof(freq->tmpfile), - "%s.temp", filename.buf); + strbuf_addf(&freq->tmpfile, "%s.temp", filename.buf); - snprintf(prevfile, sizeof(prevfile), "%s.prev", filename.buf); - unlink_or_warn(prevfile); - rename(freq->tmpfile, prevfile); - unlink_or_warn(freq->tmpfile); + strbuf_addf(&prevfile, "%s.prev", filename.buf); + unlink_or_warn(prevfile.buf); + rename(freq->tmpfile.buf, prevfile.buf); + unlink_or_warn(freq->tmpfile.buf); strbuf_release(&filename); if (freq->localfile != -1) @@@ -2390,11 -2399,12 +2395,11 @@@ int finish_http_object_request(struct h return -1; } if (hashcmp(freq->sha1, freq->real_sha1)) { - unlink_or_warn(freq->tmpfile); + unlink_or_warn(freq->tmpfile.buf); return -1; } - - sha1_file_name(&filename, freq->sha1); + sha1_file_name(the_repository, &filename, freq->sha1); - freq->rename = finalize_object_file(freq->tmpfile, filename.buf); + freq->rename = finalize_object_file(freq->tmpfile.buf, filename.buf); strbuf_release(&filename); return freq->rename; diff --cc log-tree.c index 724bae0de2,4e83d7125b..4aef85331e --- a/log-tree.c +++ b/log-tree.c @@@ -386,12 -385,16 +386,16 @@@ void log_write_email_headers(struct rev opt->ref_message_ids->items[i].string); graph_show_oneline(opt->graph); } - if (opt->mime_boundary) { + if (opt->mime_boundary && maybe_multipart) { - static char subject_buffer[1024]; - static char buffer[1024]; + static struct strbuf subject_buffer = STRBUF_INIT; + static struct strbuf buffer = STRBUF_INIT; struct strbuf filename = STRBUF_INIT; *need_8bit_cte_p = -1; /* NEVER */ - snprintf(subject_buffer, sizeof(subject_buffer) - 1, + + strbuf_reset(&subject_buffer); + strbuf_reset(&buffer); + + strbuf_addf(&subject_buffer, "%s" "MIME-Version: 1.0\n" "Content-Type: multipart/mixed;"