diff options
| author | Jeff King <peff@peff.net> | 2015-09-24 23:08:03 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2015-10-05 20:08:05 +0200 |
| commit | d59f765ac9b3d6fc2e6bea262222b80493055f12 (patch) | |
| tree | 1909246830533d821b2e68dcca43fd5b15cccdad /builtin/merge-index.c | |
| parent | daemon: use cld->env_array when re-spawning (diff) | |
| download | git-d59f765ac9b3d6fc2e6bea262222b80493055f12.tar.xz git-d59f765ac9b3d6fc2e6bea262222b80493055f12.zip | |
use sha1_to_hex_r() instead of strcpy
Before sha1_to_hex_r() existed, a simple way to get hex
sha1 into a buffer was with:
strcpy(buf, sha1_to_hex(sha1));
This isn't wrong (assuming the buf is 41 characters), but it
makes auditing the code base for bad strcpy() calls harder,
as these become false positives.
Let's convert them to sha1_to_hex_r(), and likewise for
some calls to find_unique_abbrev(). While we're here, we'll
double-check that all of the buffers are correctly sized,
and use the more obvious GIT_SHA1_HEXSZ constant.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/merge-index.c')
| -rw-r--r-- | builtin/merge-index.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/builtin/merge-index.c b/builtin/merge-index.c index 1d66111917..1c3427c36c 100644 --- a/builtin/merge-index.c +++ b/builtin/merge-index.c @@ -9,7 +9,7 @@ static int merge_entry(int pos, const char *path) { int found; const char *arguments[] = { pgm, "", "", "", path, "", "", "", NULL }; - char hexbuf[4][60]; + char hexbuf[4][GIT_SHA1_HEXSZ + 1]; char ownbuf[4][60]; if (pos >= active_nr) @@ -22,7 +22,7 @@ static int merge_entry(int pos, const char *path) if (strcmp(ce->name, path)) break; found++; - strcpy(hexbuf[stage], sha1_to_hex(ce->sha1)); + sha1_to_hex_r(hexbuf[stage], ce->sha1); xsnprintf(ownbuf[stage], sizeof(ownbuf[stage]), "%o", ce->ce_mode); arguments[stage] = hexbuf[stage]; arguments[stage + 4] = ownbuf[stage]; |