git.ipfire.org Git - thirdparty/git.git/commit

author	Jeff King <peff@peff.net>
	Tue, 24 Jul 2018 09:27:19 +0000 (05:27 -0400)
committer	Junio C Hamano <gitster@pobox.com>
	Thu, 26 Jul 2018 17:12:51 +0000 (10:12 -0700)
commit	cc8fdaee1eeaf05d8dd55ff11f111b815f673c58
tree	f24f38a5d58aef9c435bf12c7c3b5d402b922c93	tree \| snapshot
parent	1b11b64b815db62f93a04242e4aed5687a448748	commit \| diff

banned.h: mark sprintf() as banned

The sprintf() function (and its variadic form vsprintf) make
it easy to accidentally introduce a buffer overflow. If
you're thinking of using them, you're better off either
using a dynamic string (strbuf or xstrfmt), or xsnprintf if
you really know that you won't overflow. The last sprintf()
call went away quite a while ago in f0766bf94e (fsck: use
for_each_loose_file_in_objdir, 2015-09-24).

Note that we respect HAVE_VARIADIC_MACROS here, which some
ancient platforms lack. As a fallback, we can just "guess"
that the caller will provide 3 arguments. If they do, then
the macro will work as usual. If not, then they'll get a
slightly less useful error, like:

git.c:718:24: error: macro "sprintf" passed 3 arguments, but takes just 2

That's not ideal, but it at least alerts them to the problem
area. And anyway, we're primarily targeting people adding
new code. Most developers should be on modern enough
platforms to see the normal "good" error message.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>