On 16/03/17 14:27, Jeff King wrote: > In several places we write the name of the pack filename > into a fixed-size buffer using snprintf(), but do not check > the return value. As a result, a very long object directory > could cause us to quietly truncate the pack filename > (potentially leading to a corrupted repository, as a newly > written packfile could be missing its .pack extension). > > We can use odb_pack_name() to do this with a strbuf (and > shorten the code, as well). > > Signed-off-by: Jeff King <peff@xxxxxxxx> > --- > builtin/index-pack.c | 27 +++++++++++---------------- > fast-import.c | 28 +++++++++++++--------------- > 2 files changed, 24 insertions(+), 31 deletions(-) > [snip] > diff --git a/fast-import.c b/fast-import.c > index dad697653..41a539f97 100644 > --- a/fast-import.c > +++ b/fast-import.c > @@ -940,43 +940,40 @@ static const char *create_index(void) > > static char *keep_pack(const char *curr_index_name) > { > - static char name[PATH_MAX]; > static const char *keep_msg = "fast-import"; > + struct strbuf name = STRBUF_INIT; > int keep_fd; > > - snprintf(name, sizeof(name), "%s/pack/pack-%s.keep", > - get_object_directory(), sha1_to_hex(pack_data->sha1)); > - keep_fd = odb_pack_keep(name); > + odb_pack_name(&name, pack_data->sha1, "keep"); > + keep_fd = odb_pack_keep(name.buf); > if (keep_fd < 0) > die_errno("cannot create keep file"); > write_or_die(keep_fd, keep_msg, strlen(keep_msg)); > if (close(keep_fd)) > die_errno("failed to write keep file"); > > - snprintf(name, sizeof(name), "%s/pack/pack-%s.pack", > - get_object_directory(), sha1_to_hex(pack_data->sha1)); > - if (finalize_object_file(pack_data->pack_name, name)) > + odb_pack_name(&name, pack_data->sha1, "pack"); > + if (finalize_object_file(pack_data->pack_name, name.buf)) > die("cannot store pack file"); > > - snprintf(name, sizeof(name), "%s/pack/pack-%s.idx", > - get_object_directory(), sha1_to_hex(pack_data->sha1)); > - if (finalize_object_file(curr_index_name, name)) > + odb_pack_name(&name, pack_data->sha1, "idx"); > + if (finalize_object_file(curr_index_name, name.buf)) > die("cannot store index file"); > free((void *)curr_index_name); > - return name; > + return strbuf_detach(&name, NULL); Hmm, who deletes this, ... > } > > static void unkeep_all_packs(void) > { > - static char name[PATH_MAX]; > + struct strbuf name = STRBUF_INIT; > int k; > > for (k = 0; k < pack_id; k++) { > struct packed_git *p = all_packs[k]; > - snprintf(name, sizeof(name), "%s/pack/pack-%s.keep", > - get_object_directory(), sha1_to_hex(p->sha1)); > - unlink_or_warn(name); > + odb_pack_name(&name, p->sha1, "keep"); > + unlink_or_warn(name.buf); > } > + strbuf_release(&name); > } > > static int loosen_small_pack(const struct packed_git *p) > @@ -1035,6 +1032,7 @@ static void end_packfile(void) > die("core git rejected index %s", idx_name); > all_packs[pack_id] = new_p; > install_packed_git(new_p); > + free(idx_name); Ah, OK. Yep, no leaks here. ;-) > > /* Print the boundary */ > if (pack_edges) { > ATB, Ramsay Jones