On Wed, Feb 24, 2021 at 12:08:42PM -0800, Junio C Hamano wrote:

> > Use FLEX_ALLOC_STR() to allocate the `struct untracked_cache_dir`
> > for the root directory. Get rid of unsafe code that might fail to
> > initialize the `name` field (if FLEX_ARRAY is not 1). This will
> > make it clear that we intend to have a structure with an empty
> > string following it.
> [...]
> The problematic code was introduced in 2015, a year before these
> FLEX_ALLOC_*() helpers were introduced. The result is of course
> correct and much easier to read, as the necessary "ask for a region
> of calloc'ed memory with an additional byte for terminating NUL
> beyond strlen()" is hidden in the helper.

When I added the FLEX_ALLOC_* helpers, I audited for existing callers to
convert. But I did so by looking for places where we were doing manual
size computations. The bug here was that it was not doing any
computation at all (when it needed to be doing "+1"). So that's my guess
why it got overlooked (which is not super important, but may give a hint
about how to look for similar bugs).

-Peff
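The allocation mistake the thread discusses, as an added example that is not part of the original mail and is not git's own code. `struct dir_entry`, `flex_alloc_size()`, `dir_entry_new()` and `root_alloc_size_without_plus_one()` are hypothetical names chosen for this illustration; the helper is modelled on the idea behind git's FLEX_ALLOC_STR() (one calloc sized for struct plus string plus terminating NUL) but is a reimplementation, not the real macro. The struct is a stand-in with only the fields needed to show the point: with a C99 flexible array member, `sizeof(struct)` covers no bytes of `name` at all, so allocating `sizeof(*d)` and then writing `d->name[0] = '\0'` is an out-of-bounds write unless the flex array happens to be declared with size 1. The example only computes the sizes and never performs the bad write.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for git's `struct untracked_cache_dir`: only the
 * fields this illustration needs. The trailing flexible array member holds
 * the directory name and contributes 0 bytes to sizeof(struct dir_entry). */
struct dir_entry {
	unsigned int valid;
	char name[]; /* C99 flexible array member; git spells this FLEX_ARRAY */
};

/* Bytes needed to hold a struct of size `base` followed by a NUL-terminated
 * copy of `str`. The "+ 1" is the byte the 2015 code did not account for. */
static size_t flex_alloc_size(size_t base, const char *str)
{
	return base + strlen(str) + 1;
}

/* What the unsafe pattern asked for: sizeof(*d) only. For the root
 * directory (empty name) this is one byte short of what a terminating NUL
 * in name[0] needs, whenever the flex array is not declared with size 1. */
static size_t root_alloc_size_without_plus_one(void)
{
	return sizeof(struct dir_entry);
}

/* Safe allocation in the spirit of FLEX_ALLOC_STR(): one calloc of
 * struct + strlen(name) + 1, then the name (with its NUL) is copied in.
 * Illustrative reimplementation, not git's macro. */
static struct dir_entry *dir_entry_new(const char *name)
{
	size_t sz = flex_alloc_size(sizeof(struct dir_entry), name);
	struct dir_entry *e = calloc(1, sz);

	if (!e)
		return NULL;
	memcpy(e->name, name, strlen(name) + 1);
	return e;
}

int main(void)
{
	/* Constructed sample names, including the empty root name. */
	const char *names[] = { "", "sub", "sub/dir" };
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		struct dir_entry *e = dir_entry_new(names[i]);

		if (!e)
			return 1;
		printf("name=\"%s\" need=%zu unsafe_sizeof_only=%zu\n",
		       e->name,
		       flex_alloc_size(sizeof(struct dir_entry), names[i]),
		       root_alloc_size_without_plus_one());
		free(e);
	}
	return 0;
}
```

The audit hint from the mail translates directly: a grep for `sizeof(*x)` or `sizeof(struct x)` passed straight to `xcalloc`/`calloc` for a type that ends in a flexible array is the pattern to look for, because it is the absence of any `+ 1` or `strlen()` arithmetic, not a wrong computation, that marks this bug.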