stop_progress_msg: convert sprintf to xsnprintf

The usual arguments for using xsnprintf over sprintf apply,
but this case is a little tricky. We print to a fixed-size
buffer if we have room, and otherwise to an allocated
buffer. So there should be no overflow here, but it is still
good to communicate our intention, as well as to check our
earlier math for how much space the string will need.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/progress.c b/progress.c
index a3efcfd34ccf60bcd41d7d2aef18fcb2aeca7837..353bd37416e65f6dba733ac9d14999f1e293b4b9 100644 (file)
--- a/progress.c
+++ b/progress.c
@@ -254,7 +254,7 @@ void stop_progress_msg(struct progress **p_progress, const char *msg)
                        throughput_string(&tp->display, tp->curr_total, rate);
                }
                progress_update = 1;
-               sprintf(bufp, ", %s.\n", msg);
+               xsnprintf(bufp, len + 1, ", %s.\n", msg);
                display(progress, progress->last_value, bufp);
                if (buf != bufp)
                        free(bufp);