From 66e83d9b41f7438cb167b9bb54093ebbf0532437 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Wed, 22 Aug 2018 20:50:51 -0400 Subject: append_signoff: use size_t for string offsets The append_signoff() function takes an "int" to specify the number of bytes to ignore. Most callers just pass 0, and the remainder use ignore_non_trailer() to skip over cruft. That function also returns an int, and uses them internally. On systems where size_t is larger than an int (i.e., most 64-bit systems), dealing with a ridiculously large commit message could end up overflowing an int, producing surprising results (e.g., returning a negative offset, which would cause us to look outside the original string). Let's consistently use size_t for these offsets through this whole stack. As a bonus, this makes the meaning of "ignore_footer" as an offset (and not a boolean) more clear. But while we're here, let's also document the interface. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- sequencer.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'sequencer.h') diff --git a/sequencer.h b/sequencer.h index c5787c6b56..06ff5ff065 100644 --- a/sequencer.h +++ b/sequencer.h @@ -85,7 +85,14 @@ int rearrange_squash(void); extern const char sign_off_header[]; -void append_signoff(struct strbuf *msgbuf, int ignore_footer, unsigned flag); +/* + * Append a signoff to the commit message in "msgbuf". The ignore_footer + * parameter specifies the number of bytes at the end of msgbuf that should + * not be considered at all. I.e., they are not checked for existing trailers, + * and the new signoff will be spliced into the buffer before those bytes. + */ +void append_signoff(struct strbuf *msgbuf, size_t ignore_footer, unsigned flag); + void append_conflicts_hint(struct strbuf *msgbuf); int message_is_empty(const struct strbuf *sb, enum commit_msg_cleanup_mode cleanup_mode); -- cgit v1.2.3