From 7b03c89ebd10396ac7569f0c8c4fa0b4efd4f7ed Mon Sep 17 00:00:00 2001 From: Jeff King Date: Thu, 24 Sep 2015 17:05:37 -0400 Subject: add xsnprintf helper function There are a number of places in the code where we call sprintf(), with the assumption that the output will fit into the buffer. In many cases this is true (e.g., formatting a number into a large buffer), but it is hard to tell immediately from looking at the code. It would be nice if we had some run-time check to make sure that our assumption is correct (and to communicate to readers of the code that we are not blindly calling sprintf, but have actually thought about this case). This patch introduces xsnprintf, which behaves just like snprintf, except that it dies whenever the output is truncated. This acts as a sort of assert() for these cases, which can help find places where the assumption is violated (as opposed to truncating and proceeding, which may just silently give a wrong answer). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- git-compat-util.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'git-compat-util.h') diff --git a/git-compat-util.h b/git-compat-util.h index f649e81f11..348b9dcc1c 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -744,6 +744,9 @@ static inline size_t xsize_t(off_t len) return (size_t)len; } +__attribute__((format (printf, 3, 4))) +extern int xsnprintf(char *dst, size_t max, const char *fmt, ...); + /* in ctype.c, for kwset users */ extern const unsigned char tolower_trans_tbl[256]; -- cgit v1.2.3