Merge branch 'jk/snprintf-truncation'

Avoid unchecked snprintf() to make future code auditing easier.

* jk/snprintf-truncation:
fmt_with_err: add a comment that truncation is OK
shorten_unambiguous_ref: use xsnprintf
fsmonitor: use internal argv_array of struct child_process
log_write_email_headers: use strbufs
http: use strbufs instead of fixed buffers

diff --cc fsmonitor.c
Simple merge

diff --cc http.c
index d9155972d68e82c188a41d0a2a02728d9862570b,fc5fff90a776ca7e93dc151836c1e0a4c4e7c179..deea47411a9d263fc87d9ff03f6b3bf6fa0d0fff
--- 1/http.c
--- 2/http.c
+++ b/http.c
@@@ -2105,9 -2110,9 +2106,9 @@@ int finish_http_pack_request(struct htt
                lst = &((*lst)->next);
        *lst = (*lst)->next;
  
-       if (!strip_suffix(preq->tmpfile, ".pack.temp", &len))
+       if (!strip_suffix(preq->tmpfile.buf, ".pack.temp", &len))
 -              die("BUG: pack tmpfile does not end in .pack.temp?");
 +              BUG("pack tmpfile does not end in .pack.temp?");
-       tmp_idx = xstrfmt("%.*s.idx.temp", (int)len, preq->tmpfile);
+       tmp_idx = xstrfmt("%.*s.idx.temp", (int)len, preq->tmpfile.buf);
  
        argv_array_push(&ip.args, "index-pack");
        argv_array_pushl(&ip.args, "-o", tmp_idx, NULL);
@@@ -2244,14 -2251,13 +2247,13 @@@ struct http_object_request *new_http_ob
        hashcpy(freq->sha1, sha1);
        freq->localfile = -1;
  
 -      sha1_file_name(&filename, sha1);
 +      sha1_file_name(the_repository, &filename, sha1);
-       snprintf(freq->tmpfile, sizeof(freq->tmpfile),
-                "%s.temp", filename.buf);
+       strbuf_addf(&freq->tmpfile, "%s.temp", filename.buf);
  
-       snprintf(prevfile, sizeof(prevfile), "%s.prev", filename.buf);
-       unlink_or_warn(prevfile);
-       rename(freq->tmpfile, prevfile);
-       unlink_or_warn(freq->tmpfile);
+       strbuf_addf(&prevfile, "%s.prev", filename.buf);
+       unlink_or_warn(prevfile.buf);
+       rename(freq->tmpfile.buf, prevfile.buf);
+       unlink_or_warn(freq->tmpfile.buf);
        strbuf_release(&filename);
  
        if (freq->localfile != -1)
@@@ -2390,11 -2399,12 +2395,11 @@@ int finish_http_object_request(struct h
                return -1;
        }
        if (hashcmp(freq->sha1, freq->real_sha1)) {
-               unlink_or_warn(freq->tmpfile);
+               unlink_or_warn(freq->tmpfile.buf);
                return -1;
        }
 -
 -      sha1_file_name(&filename, freq->sha1);
 +      sha1_file_name(the_repository, &filename, freq->sha1);
-       freq->rename = finalize_object_file(freq->tmpfile, filename.buf);
+       freq->rename = finalize_object_file(freq->tmpfile.buf, filename.buf);
        strbuf_release(&filename);
  
        return freq->rename;

diff --cc http.h
Simple merge

diff --cc log-tree.c
index 724bae0de25b5b6e22dfecee233ff999be880dd5,4e83d7125b43b167f77b725229efcef52ab8bb9f..4aef85331e0b696d0373cf1bdb0743a7e6b58c36
--- 1/log-tree.c
--- 2/log-tree.c
+++ b/log-tree.c
@@@ -386,12 -385,16 +386,16 @@@ void log_write_email_headers(struct rev
                               opt->ref_message_ids->items[i].string);
                graph_show_oneline(opt->graph);
        }
 -      if (opt->mime_boundary) {
 +      if (opt->mime_boundary && maybe_multipart) {
-               static char subject_buffer[1024];
-               static char buffer[1024];
+               static struct strbuf subject_buffer = STRBUF_INIT;
+               static struct strbuf buffer = STRBUF_INIT;
                struct strbuf filename =  STRBUF_INIT;
                *need_8bit_cte_p = -1; /* NEVER */
-               snprintf(subject_buffer, sizeof(subject_buffer) - 1,
+ 
+               strbuf_reset(&subject_buffer);
+               strbuf_reset(&buffer);
+ 
+               strbuf_addf(&subject_buffer,
                         "%s"
                         "MIME-Version: 1.0\n"
                         "Content-Type: multipart/mixed;"

diff --cc refs.c
Simple merge

diff --cc usage.c
Simple merge