mirror of
https://github.com/git/git
synced 2024-10-30 03:13:24 +00:00
5096d4909f
We sometimes sprintf into fixed-size buffers when we know that the buffer is large enough to fit the input (either because it's a constant, or because it's numeric input that is bounded in size). Likewise with strcpy of constant strings. However, these sites make it hard to audit sprintf and strcpy calls for buffer overflows, as a reader has to cross-reference the size of the array with the input. Let's use xsnprintf instead, which communicates to a reader that we don't expect this to overflow (and catches the mistake in case we do). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
36 lines
824 B
C
36 lines
824 B
C
#include "builtin.h"
|
|
|
|
static char *create_temp_file(unsigned char *sha1)
|
|
{
|
|
static char path[50];
|
|
void *buf;
|
|
enum object_type type;
|
|
unsigned long size;
|
|
int fd;
|
|
|
|
buf = read_sha1_file(sha1, &type, &size);
|
|
if (!buf || type != OBJ_BLOB)
|
|
die("unable to read blob object %s", sha1_to_hex(sha1));
|
|
|
|
xsnprintf(path, sizeof(path), ".merge_file_XXXXXX");
|
|
fd = xmkstemp(path);
|
|
if (write_in_full(fd, buf, size) != size)
|
|
die_errno("unable to write temp-file");
|
|
close(fd);
|
|
return path;
|
|
}
|
|
|
|
int cmd_unpack_file(int argc, const char **argv, const char *prefix)
|
|
{
|
|
unsigned char sha1[20];
|
|
|
|
if (argc != 2 || !strcmp(argv[1], "-h"))
|
|
usage("git unpack-file <sha1>");
|
|
if (get_sha1(argv[1], sha1))
|
|
die("Not a valid object name %s", argv[1]);
|
|
|
|
git_config(git_default_config, NULL);
|
|
|
|
puts(create_temp_file(sha1));
|
|
return 0;
|
|
}
|