On Thu, Dec 15, 2016 at 10:42:53AM -0800, Junio C Hamano wrote:
> > + sprintf((char *)p, "%d", ++count);
>
> Do we know the area pointed at p (which is inside buf) long enough
> not to overflow? If the original were 9 and you incremented to get
> 10, you would need one extra byte.
Even if it is enough, I'd ask to please use xsnprintf(). In the off
chance that there's a programming error, we'd get a nice die("BUG")
instead of a buffer overflow (and it makes the code base easier to audit
for other overflows).
-Peff