Arnout Engelen <arnouten@xxxxxxxx> writes:

> Thanks to you and Jonathan again for the feedback.
>
> On Tue, Dec 07, 2010 at 12:56:17PM -0800, Junio C Hamano wrote:
>> > + char origtemplate[255];
>> > + strlcpy(origtemplate, template, 255);
>>
>> Why "255"?
>
> Random - 'I had to choose something'.
>
>> It may happen to be sufficiently large for the current callers, but what
>> provisions if any are made to help the compiler or the runtime protect us
>> from new and broken callers? Use of strlcpy() there hides the issue from
>> the runtime by avoiding segfault, but it actively harms us by making the
>> code silently behave incorrectly without segfaulting, no?
>
> Only in a small way: when a bigger template is encountered and the mkstemp
> call succeeds, there is no problem. Only when xmkstemp fails *and* clears the
> template, the diagnostic error message shows a truncated version of the
> original.

Ah, ok, it seems that I misread the patch. This copy you are making is
not used to actually construct the filename used for creating the
temporary file, so there is no risk of the function misbehaving; we would
just give a truncated error report, which is no worse than what we have
been giving the users anyway.
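
Review bot: the buffer size in the quoted hunk is written twice as a bare literal, once in `char origtemplate[255];` and again in the `strlcpy()` call, so a later change to one can leave the other stale; passing `sizeof(origtemplate)` as the third argument keeps them tied together. The return value of `strlcpy()` is also discarded. It returns the length of the source string, so comparing it against `sizeof(origtemplate)` would let the error path tell the user that the reported template name was cut short instead of printing a truncated name as if it were complete. A short comment saying that the copy exists only for the diagnostic message, and is never passed to mkstemp, would prevent the misreading that came up in this thread.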