usage: report vsnprintf(3) failure

vreportf(), which is used e.g. by die() and warning() by default, calls
vsnprintf(3) to format the message to report.  If that call fails, it
only prints the prefix, e.g. "fatal: " or "warning: ".  This at least
informs users that they were supposed to get a message and reveals its
severity, but leaves them wondering what it may have been about.

Here's an example where vreportf() tries to print a message with a 2GB
string, which is too much for vsnprintf(3):

  $ perl -le 'print "create refs/heads/", "a"x2**31' | git update-ref --stdin
  fatal:

At least report the formatting error along with the offending message
(unformatted) to indicate why that message is empty.  Use fprintf(3)
instead of error() to get the message out directly and avoid recursing
back into vreportf().

With this patch we get:

  $ perl -le 'print "create refs/heads/", "a"x2**31' | git update-ref --stdin
  error: unable to format message: invalid ref format: %s
  fatal:

... which allows users to at least get an idea of what went wrong.

Suggested-by: Jeff King <peff@peff.net>
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
René Scharfe 2024-04-05 20:59:52 +02:00 committed by Junio C Hamano
parent 3c2a3fdc38
commit c63adab961

View File

@ -19,8 +19,11 @@ static void vreportf(const char *prefix, const char *err, va_list params)
}
memcpy(msg, prefix, prefix_len);
p = msg + prefix_len;
if (vsnprintf(p, pend - p, err, params) < 0)
if (vsnprintf(p, pend - p, err, params) < 0) {
fprintf(stderr, _("error: unable to format message: %s\n"),
err);
*p = '\0'; /* vsnprintf() failed, clip at prefix */
}
for (; p != pend - 1 && *p; p++) {
if (iscntrl(*p) && *p != '\t' && *p != '\n')