    convert trivial sprintf / strcpy calls to xsnprintf · 5096d490
    Jeff King authored
    We sometimes sprintf into fixed-size buffers when we know
    that the buffer is large enough to fit the input (either
    because it's a constant, or because it's numeric input that
    is bounded in size). Likewise with strcpy of constant
    However, these sites make it hard to audit sprintf and
    strcpy calls for buffer overflows, as a reader has to
    cross-reference the size of the array with the input. Let's
    use xsnprintf instead, which communicates to a reader that
    we don't expect this to overflow (and catches the mistake in
    case we do).
    Signed-off-by: Jeff King <peff@peff.net>
    Signed-off-by: Junio C Hamano <gitster@pobox.com>
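
An added illustration of the pattern the commit message describes, not code from git or from this commit: a size-checked formatting wrapper that makes the "this cannot overflow" assumption visible at the call site and enforces it. The names `try_snprintf`, `checked_snprintf` and `format_mode` are hypothetical, and the 8-byte octal field is a constructed call site.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical helper: format into dst and report truncation instead of
 * overflowing (sprintf) or silently cutting the output short (snprintf).
 * Returns the number of characters written, or -1 if the output did not fit.
 */
static int try_snprintf(char *dst, size_t max, const char *fmt, ...)
{
	va_list ap;
	int len;

	va_start(ap, fmt);
	len = vsnprintf(dst, max, fmt, ap);
	va_end(ap);

	/* vsnprintf returns the length it wanted; >= max means it was cut. */
	if (len < 0 || (size_t)len >= max)
		return -1;
	return len;
}

/* Fatal variant: a site believed unable to overflow aborts loudly if it does. */
#define checked_snprintf(dst, max, ...) \
	do { \
		if (try_snprintf((dst), (max), __VA_ARGS__) < 0) { \
			fprintf(stderr, "fatal: formatted output does not fit buffer\n"); \
			abort(); \
		} \
	} while (0)

/* Constructed call site: bounded numeric input into a fixed 8-byte field. */
static int format_mode(char field[8], unsigned int mode)
{
	/* "%07o" needs 7 digits plus NUL, which holds for mode <= 07777777. */
	return try_snprintf(field, 8, "%07o", mode);
}

int main(void)
{
	char field[8];

	checked_snprintf(field, sizeof(field), "%07o", 0100644u);
	printf("mode field: %s\n", field);
	/* An out-of-range value is reported, never written past the field. */
	printf("oversized: %d\n", format_mode(field, 0777777777u));
	return 0;
}
```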
archive-tar.c 11 KB