Am 19.05.2018 um 03:57 schrieb Jeff King: > These formatted integers should always fit into their > 64-byte buffers. Let's use xsnprintf() to add an assertion > that this is the case, which makes auditing for other > unchecked snprintfs() easier. How about this instead? -- >8 -- Subject: [PATCH] fsmonitor: use internal argv_array of struct child_process Avoid magic array sizes and indexes by constructing the fsmonitor command line using the embedded argv_array of the child_process. The resulting code is shorter and easier to extend. Getting rid of the snprintf() calls is a bonus -- even though the buffers were big enough here to avoid truncation -- as it makes auditing the remaining callers easier. Inspired-by: Jeff King <peff@xxxxxxxx> Signed-off-by: Rene Scharfe <l.s.r@xxxxxx> --- fsmonitor.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/fsmonitor.c b/fsmonitor.c index ed3d1a074d..665bd2d425 100644 --- a/fsmonitor.c +++ b/fsmonitor.c @@ -97,19 +97,13 @@ void write_fsmonitor_extension(struct strbuf *sb, struct index_state *istate) static int query_fsmonitor(int version, uint64_t last_update, struct strbuf *query_result) { struct child_process cp = CHILD_PROCESS_INIT; - char ver[64]; - char date[64]; - const char *argv[4]; - if (!(argv[0] = core_fsmonitor)) + if (!core_fsmonitor) return -1; - snprintf(ver, sizeof(ver), "%d", version); - snprintf(date, sizeof(date), "%" PRIuMAX, (uintmax_t)last_update); - argv[1] = ver; - argv[2] = date; - argv[3] = NULL; - cp.argv = argv; + argv_array_push(&cp.args, core_fsmonitor); + argv_array_pushf(&cp.args, "%d", version); + argv_array_pushf(&cp.args, "%" PRIuMAX, (uintmax_t)last_update); cp.use_shell = 1; cp.dir = get_git_work_tree(); -- 2.17.0