"John Cai via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes:
> Changes since v4:
>
> * added NEEDSWORK block detailing what needs to be done to clean up
> find_header_mem
> ...
> - while (line) {
> ++ /*
> ++ * NEEDSWORK: Between line[0] and msg[len], there may not be a LF nor NUL
> ++ * at all, and strchrnul() will scan beyond the range we were given
> ++ * Make this operation safer and abide by the contract to only read up to len.
> ++ */
This sounds unnecessarily alarming. Can't we also explain that the
current callers are safe?
