Hi Peff, On Thu, 14 Jan 2016, Jeff King wrote: > This strcpy will never overflow because it's copying from > baked-in test data. But we would prefer to avoid strcpy > entirely, as it makes it harder to audit for real security > bugs. Thanks. > This sort-of applies on top of js/dirname-basename, which is in next. > Textually, it's fine, but that topic is based on v2.6.5, and xsnprintf > was only added in the v2.7.0 cycle. The simplest thing is probably to > wait for it to graduate to master, and then apply there as a new topic > (if we do v2.6.6, it's OK for it not to have this patch). > > I can hold and resend in a week or two if that's easier. If you have a patch to make dirname/basename safer based on xsnprintf, I would like to have that as soon as possible (next was rewound to 2.7.0, no?)... Thanks! Dscho -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html