Am 19.05.2018 um 03:57 schrieb Jeff King:
> These formatted integers should always fit into their
> 64-byte buffers. Let's use xsnprintf() to add an assertion
> that this is the case, which makes auditing for other
> unchecked snprintfs() easier.
How about this instead?
-- >8 --
Subject: [PATCH] fsmonitor: use internal argv_array of struct child_process
Avoid magic array sizes and indexes by constructing the fsmonitor
command line using the embedded argv_array of the child_process. The
resulting code is shorter and easier to extend.
Getting rid of the snprintf() calls is a bonus -- even though the
buffers were big enough here to avoid truncation -- as it makes auditing
the remaining callers easier.
Inspired-by: Jeff King <peff@xxxxxxxx>
Signed-off-by: Rene Scharfe <l.s.r@xxxxxx>
---
fsmonitor.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/fsmonitor.c b/fsmonitor.c
index ed3d1a074d..665bd2d425 100644
--- a/fsmonitor.c
+++ b/fsmonitor.c
@@ -97,19 +97,13 @@ void write_fsmonitor_extension(struct strbuf *sb, struct index_state *istate)
static int query_fsmonitor(int version, uint64_t last_update, struct strbuf *query_result)
{
struct child_process cp = CHILD_PROCESS_INIT;
- char ver[64];
- char date[64];
- const char *argv[4];
- if (!(argv[0] = core_fsmonitor))
+ if (!core_fsmonitor)
return -1;
- snprintf(ver, sizeof(ver), "%d", version);
- snprintf(date, sizeof(date), "%" PRIuMAX, (uintmax_t)last_update);
- argv[1] = ver;
- argv[2] = date;
- argv[3] = NULL;
- cp.argv = argv;
+ argv_array_push(&cp.args, core_fsmonitor);
+ argv_array_pushf(&cp.args, "%d", version);
+ argv_array_pushf(&cp.args, "%" PRIuMAX, (uintmax_t)last_update);
cp.use_shell = 1;
cp.dir = get_git_work_tree();
--
2.17.0
