From mboxrd@z Thu Jan 1 00:00:00 1970 From: john at keeping.me.uk (John Keeping) Date: Sun, 7 Apr 2013 10:29:51 +0100 Subject: [PATCH 00/19] Fixed-size buffer removal Message-ID: This series replaces use of fixed-size buffers for any user-supplied input or data from the repository with Git's struct strbuf. It is based on wip. After this series, the only remaining uses of html.c::fmt produce strings with a known bound on their length and there are no uses of snprintf. The first patch was sent before but appears to have been lost in the noise; I'm resending it as part of this series to avoid textual conflicts with later patches. While working on this, I learned about the "module-link" configuration option, which currently takes a printf format string which is passed to printf as the format string. I'd like to change this to use the strbuf_expand format so that administrators of CGit installations can't shoot themselves in the foot with invalid format strings but I'd like some feedback on how we can do that and maintain backwards compatibility. Perhaps we could introduce "submodule-link" with the new syntax and deprecate "module-link"? John Keeping (19): Fix out-of-bounds memory accesses with virtual_root="" Remove redundant calls to fmt("%s", ...) cache.c: don't use statically sized buffers for filenames html: introduce html_txtf and html_vtxtf functions Convert cgit_print_error to a variadic function scan-tree: use struct strbuf instead of static buffers ui-log.c: use a strbuf for refs ui-log.c: use a strbuf for grep arguments ui-plain.c: use struct strbuf instead of fmt() ui-refs.c: use struct strbuf instead of fixed-size buffers ui-repolist.c: use struct strbuf for repository paths ui-snapshot.c: tidy up memory management in write_archive_type ui-snapshot: use a struct strbuf instead of fixed-size buffers ui-summary.c: use struct strbuf instead of fixed-size buffers ui-tag.c: use struct strbuf for user-supplied data ui-tree.c: use struct strbuf instead of fmt() cgit.c: use struct strbuf instead of fmt() html: add html_attrf to output an attribute value from a format string ui-shared.c: use struct strbuf instead of fmt() cache.c | 56 ++++++++--------------- cgit.c | 105 +++++++++++++++++++++--------------------- cgit.h | 3 +- html.c | 41 +++++++++++++++-- html.h | 11 ++++- scan-tree.c | 145 ++++++++++++++++++++++++++++++++-------------------------- shared.c | 15 ++++++ ui-blob.c | 8 ++-- ui-commit.c | 4 +- ui-diff.c | 8 ++-- ui-log.c | 32 ++++++++----- ui-patch.c | 4 +- ui-plain.c | 10 ++-- ui-refs.c | 11 +++-- ui-repolist.c | 28 +++++++----- ui-shared.c | 66 +++++++++++++++----------- ui-shared.h | 5 +- ui-snapshot.c | 65 ++++++++++++++++---------- ui-stats.c | 5 +- ui-summary.c | 16 +++++-- ui-tag.c | 20 ++++---- ui-tree.c | 46 +++++++++---------- 22 files changed, 410 insertions(+), 294 deletions(-) -- 1.8.2.692.g17a9715