From c63adab96184135718debdc8c7fc53a2abd80ca8 Mon Sep 17 00:00:00 2001 From: René Scharfe Date: Fri, 5 Apr 2024 20:59:52 +0200 Subject: usage: report vsnprintf(3) failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit vreportf(), which is used e.g. by die() and warning() by default, calls vsnprintf(3) to format the message to report. If that call fails, it only prints the prefix, e.g. "fatal: " or "warning: ". This at least informs users that they were supposed to get a message and reveals its severity, but leaves them wondering what it may have been about. Here's an example where vreportf() tries to print a message with a 2GB string, which is too much for vsnprintf(3): $ perl -le 'print "create refs/heads/", "a"x2**31' | git update-ref --stdin fatal: At least report the formatting error along with the offending message (unformatted) to indicate why that message is empty. Use fprintf(3) instead of error() to get the message out directly and avoid recursing back into vreportf(). With this patch we get: $ perl -le 'print "create refs/heads/", "a"x2**31' | git update-ref --stdin error: unable to format message: invalid ref format: %s fatal: ... which allows users to at least get an idea of what went wrong. Suggested-by: Jeff King Helped-by: Jeff King Signed-off-by: René Scharfe Signed-off-by: Junio C Hamano --- usage.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usage.c b/usage.c index 09f0ed509b..7a2f7805f5 100644 --- a/usage.c +++ b/usage.c @@ -19,8 +19,11 @@ static void vreportf(const char *prefix, const char *err, va_list params) } memcpy(msg, prefix, prefix_len); p = msg + prefix_len; - if (vsnprintf(p, pend - p, err, params) < 0) + if (vsnprintf(p, pend - p, err, params) < 0) { + fprintf(stderr, _("error: unable to format message: %s\n"), + err); *p = '\0'; /* vsnprintf() failed, clip at prefix */ + } for (; p != pend - 1 && *p; p++) { if (iscntrl(*p) && *p != '\t' && *p != '\n') -- cgit 1.2.3-korg