fmt_with_err: add a comment that truncation is OK

peff · gitster · commit ac4896f007a6 · 2018-05-21T09:59:14.000+09:00
Functions like die_errno() use fmt_with_err() to combine the
caller-provided format with the strerror() string. We use a
fixed stack buffer because we're already handling an error
and don't have any way to report another one. Our buffer
should generally be big enough to fit this, but if it's not,
truncation is our best option. Let's add a comment to that
effect, so that anybody auditing the code for truncation
bugs knows that this is fine.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/usage.c b/usage.c
@@ -148,6 +148,7 @@ static const char *fmt_with_err(char *buf, int n, const char *fmt)
 		}
 	}
 	str_error[j] = 0;
+	/* Truncation is acceptable here */
 	snprintf(buf, n, "%s: %s", fmt, str_error);
 	return buf;
 }

Original file line number	Diff line number	Diff line change
`@@ -148,6 +148,7 @@ static const char fmt_with_err(char buf, int n, const char *fmt)`
`148`	`148`	`}`
`149`	`149`	`}`
`150`	`150`	`str_error[j] = 0;`
	`151`	`+ /* Truncation is acceptable here */`
`151`	`152`	`snprintf(buf, n, "%s: %s", fmt, str_error);`
`152`	`153`	`return buf;`
`153`	`154`	`}`