From 1a168e5c86d2c6cbb57429473357bdf1acdec63c Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 28 Mar 2017 15:46:56 -0400 Subject: convert unchecked snprintf into xsnprintf These calls to snprintf should always succeed, because their input is small and fixed. Let's use xsnprintf to make sure this is the case (and to make auditing for actual truncation easier). These could be candidates for turning into heap buffers, but they fall into a few broad categories that make it not worth doing: - formatting single numbers is simple enough that we can see the result should fit - the size of a sha1 is likewise well-known, and I didn't want to cause unnecessary conflicts with the ongoing process to convert these constants to GIT_MAX_HEXSZ - the interface for curl_errorstr is dictated by curl Signed-off-by: Jeff King --- grep.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'grep.c') diff --git a/grep.c b/grep.c index 56ef0ecbff..47cee45067 100644 --- a/grep.c +++ b/grep.c @@ -1171,7 +1171,7 @@ static void show_line(struct grep_opt *opt, char *bol, char *eol, } if (opt->linenum) { char buf[32]; - snprintf(buf, sizeof(buf), "%d", lno); + xsnprintf(buf, sizeof(buf), "%d", lno); output_color(opt, buf, strlen(buf), opt->color_lineno); output_sep(opt, sign); } @@ -1653,7 +1653,7 @@ static int grep_source_1(struct grep_opt *opt, struct grep_source *gs, int colle opt->color_filename); output_sep(opt, ':'); } - snprintf(buf, sizeof(buf), "%u\n", count); + xsnprintf(buf, sizeof(buf), "%u\n", count); opt->output(opt, buf, strlen(buf)); return 1; } -- cgit v1.2.3