René Scharfe <l.s.r@xxxxxx> writes: > But anyway: If NULs are of no concern and we currently end parsing when > we see one in all cases, why do we need a _mem function at all? The > original version of the function, find_commit_header(), should suffice. > check_nonce() could be run against the NUL-terminated sigcheck.payload > and check_cert_push_options() parses an entire strbuf, so there is no > risk of out-of-bounds access. If I recall correctly, the caller that does not pass strlen() as the payload length gives a length that is shorter than the buffer, i.e. "stop the parsing here, do not get confused into thinking the garbage after this point contains useful payload" was the reason why we have a separate "len".
