Andrew's git / gitweb.git / diff
?
add xsnprintf helper function
authorJeff King <peff@peff.net>
Thu, 24 Sep 2015 21:05:37 +0000 (17:05 -0400)
committerJunio C Hamano <gitster@pobox.com>
Fri, 25 Sep 2015 17:18:18 +0000 (10:18 -0700)
There are a number of places in the code where we call
sprintf(), with the assumption that the output will fit into
the buffer. In many cases this is true (e.g., formatting a
number into a large buffer), but it is hard to tell
immediately from looking at the code. It would be nice if we
had some run-time check to make sure that our assumption is
correct (and to communicate to readers of the code that we
are not blindly calling sprintf, but have actually thought
about this case).

This patch introduces xsnprintf, which behaves just like
snprintf, except that it dies whenever the output is
truncated. This acts as a sort of assert() for these cases,
which can help find places where the assumption is violated
(as opposed to truncating and proceeding, which may just
silently give a wrong answer).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
git-compat-util.h patch | blob | history
wrapper.c patch | blob | history
diff --git a/git-compat-util.h b/git-compat-util.h
index f649e81f1107722f4c7d051201920ae2a0e7846a..348b9dcc1ccd81d5cdaebeca6f801b4aa9701f25 100644 (file)
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -744,6 +744,9 @@ static inline size_t xsize_t(off_t len)
        return (size_t)len;
 }
 
+__attribute__((format (printf, 3, 4)))
+extern int xsnprintf(char *dst, size_t max, const char *fmt, ...);
+
 /* in ctype.c, for kwset users */
 extern const unsigned char tolower_trans_tbl[256];
 
diff --git a/wrapper.c b/wrapper.c
index 0e22d4381438b2c262e1cd5ee0cc4effc2fb3c3d..6fcaa4dc62b504078ea5202cfd7a096e79a83c5e 100644 (file)
--- a/wrapper.c
+++ b/wrapper.c
@@ -621,6 +621,22 @@ char *xgetcwd(void)
        return strbuf_detach(&sb, NULL);
 }
 
+int xsnprintf(char *dst, size_t max, const char *fmt, ...)
+{
+       va_list ap;
+       int len;
+
+       va_start(ap, fmt);
+       len = vsnprintf(dst, max, fmt, ap);
+       va_end(ap);
+
+       if (len < 0)
+               die("BUG: your snprintf is broken");
+       if (len >= max)
+               die("BUG: attempt to snprintf into too-small buffer");
+       return len;
+}
+
 static int write_file_v(const char *path, int fatal,
                        const char *fmt, va_list params)
 {