use sha1_to_hex_r() instead of strcpy
authorJeff King <peff@peff.net>
Thu, 24 Sep 2015 21:08:03 +0000 (17:08 -0400)
committerJunio C Hamano <gitster@pobox.com>
Mon, 5 Oct 2015 18:08:05 +0000 (11:08 -0700)
commitd59f765ac9b3d6fc2e6bea262222b80493055f12
tree1909246830533d821b2e68dcca43fd5b15cccdad
parentf063d38b808e184675e5b0931ea0167a013b3fcb
use sha1_to_hex_r() instead of strcpy

Before sha1_to_hex_r() existed, a simple way to get hex
sha1 into a buffer was with:

  strcpy(buf, sha1_to_hex(sha1));

This isn't wrong (assuming the buf is 41 characters), but it
makes auditing the code base for bad strcpy() calls harder,
as these become false positives.

Let's convert them to sha1_to_hex_r(), and likewise for
some calls to find_unique_abbrev(). While we're here, we'll
double-check that all of the buffers are correctly sized,
and use the more obvious GIT_SHA1_HEXSZ constant.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin/blame.c
builtin/merge-index.c
builtin/merge.c
builtin/receive-pack.c
builtin/rev-list.c
diff.c