diff options
| author | Jeff King <peff@peff.net> | 2017-03-28 15:46:50 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2017-03-30 14:59:50 -0700 |
| commit | 5b1ef2cef4ff9d3213ec81465b99affb4a7c8083 (patch) | |
| tree | dca13ceebc0aadd97f91bfcab3299407a10e6523 /builtin/rev-parse.c | |
| parent | 446d5d911214fd3d61921478c98d4a88f84e410c (diff) | |
| download | git-5b1ef2cef4ff9d3213ec81465b99affb4a7c8083.tar.gz | |
replace unchecked snprintf calls with heap buffers
We'd prefer to avoid unchecked snprintf calls because
truncation can lead to unexpected results.
These are all cases where truncation shouldn't ever happen,
because the input to snprintf is fixed in size. That makes
them candidates for xsnprintf(), but it's simpler still to
just use the heap, and then nobody has to wonder if "100" is
big enough.
We'll use xstrfmt() where possible, and a strbuf when we need
the resulting size or to reuse the same buffer in a loop.
Signed-off-by: Jeff King <peff@peff.net>
Diffstat (limited to 'builtin/rev-parse.c')
| -rw-r--r-- | builtin/rev-parse.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/builtin/rev-parse.c b/builtin/rev-parse.c index 9e53a1a7ca..f54d7b5028 100644 --- a/builtin/rev-parse.c +++ b/builtin/rev-parse.c @@ -213,13 +213,14 @@ static int show_abbrev(const unsigned char *sha1, void *cb_data) static void show_datestring(const char *flag, const char *datestr) { - static char buffer[100]; + char *buffer; /* date handling requires both flags and revs */ if ((filter & (DO_FLAGS | DO_REVS)) != (DO_FLAGS | DO_REVS)) return; - snprintf(buffer, sizeof(buffer), "%s%lu", flag, approxidate(datestr)); + buffer = xstrfmt("%s%lu", flag, approxidate(datestr)); show(buffer); + free(buffer); } static int show_file(const char *arg, int output_prefix) |