Hi Peff,
On Thu, 15 Dec 2016, Jeff King wrote:
> On Thu, Dec 15, 2016 at 10:42:53AM -0800, Junio C Hamano wrote:
>
> > > + sprintf((char *)p, "%d", ++count);
> >
> > Do we know the area pointed at p (which is inside buf) long enough
> > not to overflow? If the original were 9 and you incremented to get
> > 10, you would need one extra byte.
>
> Even if it is enough, I'd ask to please use xsnprintf(). In the off
> chance that there's a programming error, we'd get a nice die("BUG")
> instead of a buffer overflow (and it makes the code base easier to audit
> for other overflows).
I ended up with more verbose, easier-to-read code that does not try to do
things in-place, in favor of being slightly more wasteful with strbufs.
Ciao,
Dscho
