fmt_with_err: add a comment that truncation is OK
author Jeff King <peff@peff.net>
Sat, 19 May 2018 01:58:44 +0000 (18:58 -0700)
committer Junio C Hamano <gitster@pobox.com>
Mon, 21 May 2018 00:59:14 +0000 (09:59 +0900)
Functions like die_errno() use fmt_with_err() to combine the
caller-provided format with the strerror() string. We use a
fixed stack buffer because we're already handling an error
and don't have any way to report another one. Our buffer
should generally be big enough to fit this, but if it's not,
truncation is our best option. Let's add a comment to that
effect, so that anybody auditing the code for truncation
bugs knows that this is fine.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
usage.c
diff --git a/usage.c b/usage.c
index cdd534c9dfc4bd38ce112da62643ab2dc7b4fbe9..b3c78931ad9f68f45f78253c64abe9416b3971b3 100644 (file)
--- a/usage.c
+++ b/usage.c
@@ -148,6 +148,7 @@ static const char *fmt_with_err(char *buf, int n, const char *fmt)
                }
        }
        str_error[j] = 0;
+       /* Truncation is acceptable here */
        snprintf(buf, n, "%s: %s", fmt, str_error);
        return buf;
 }
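Review bot: The new comment above the snprintf() call says truncation is acceptable but not why, so someone auditing usage.c still has to dig up the commit message to confirm it. Consider putting the reason in the comment itself, for example "/* Truncation is acceptable here: we are already reporting an error and have no way to report another */". It would also help to say that the snprintf() return value is ignored on purpose, since an unchecked return is exactly what a truncation audit looks for.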