On 07/03/2024 19:35, Junio C Hamano wrote:
Florian Schmidt <flosch@xxxxxxxxxxx> writes:
Side remark: Since strstr() doesn't consider len, and will always search
up to a null byte, I now wonder whether it would be safer to create a
new strbuf that only contains the len bytes we want to operate on.
That is a valid concern in general, but does not seem to apply to
the current codebase. Thanks for being careful.
Thanks, that confirms my cursory look at the consumers of the function.
If you think that it's unlikely that in the future, a new user of this
function would provide a non-terminated string, then there is no need
for action. I guess the aim is to use strbufs wherever suitable in the
first place, anyway, and those won't have this issue?
Cheers,
flosch
