[PATCH 00/19] Fixed-size buffer removal

[John Keeping]

This series replaces use of fixed-size buffers for any user-supplied
input or data from the repository with Git's struct strbuf.  It is based
on wip.

After this series, the only remaining uses of html.c::fmt produce
strings with a known bound on their length and there are no uses of
snprintf.

The first patch was sent before but appears to have been lost in the
noise; I'm resending it as part of this series to avoid textual
conflicts with later patches.

While working on this, I learned about the "module-link" configuration
option, which currently takes a printf format string which is passed to
printf as the format string.  I'd like to change this to use the
strbuf_expand format so that administrators of CGit installations can't
shoot themselves in the foot with invalid format strings but I'd like
some feedback on how we can do that and maintain backwards
compatibility.  Perhaps we could introduce "submodule-link" with the new
syntax and deprecate "module-link"?

John Keeping (19):
  Fix out-of-bounds memory accesses with virtual_root=""
  Remove redundant calls to fmt("%s", ...)
  cache.c: don't use statically sized buffers for filenames
  html: introduce html_txtf and html_vtxtf functions
  Convert cgit_print_error to a variadic function
  scan-tree: use struct strbuf instead of static buffers
  ui-log.c: use a strbuf for refs
  ui-log.c: use a strbuf for grep arguments
  ui-plain.c: use struct strbuf instead of fmt()
  ui-refs.c: use struct strbuf instead of fixed-size buffers
  ui-repolist.c: use struct strbuf for repository paths
  ui-snapshot.c: tidy up memory management in write_archive_type
  ui-snapshot: use a struct strbuf instead of fixed-size buffers
  ui-summary.c: use struct strbuf instead of fixed-size buffers
  ui-tag.c: use struct strbuf for user-supplied data
  ui-tree.c: use struct strbuf instead of fmt()
  cgit.c: use struct strbuf instead of fmt()
  html: add html_attrf to output an attribute value from a format string
  ui-shared.c: use struct strbuf instead of fmt()

 cache.c       |  56 ++++++++---------------
 cgit.c        | 105 +++++++++++++++++++++---------------------
 cgit.h        |   3 +-
 html.c        |  41 +++++++++++++++--
 html.h        |  11 ++++-
 scan-tree.c   | 145 ++++++++++++++++++++++++++++++++--------------------------
 shared.c      |  15 ++++++
 ui-blob.c     |   8 ++--
 ui-commit.c   |   4 +-
 ui-diff.c     |   8 ++--
 ui-log.c      |  32 ++++++++-----
 ui-patch.c    |   4 +-
 ui-plain.c    |  10 ++--
 ui-refs.c     |  11 +++--
 ui-repolist.c |  28 +++++++-----
 ui-shared.c   |  66 +++++++++++++++-----------
 ui-shared.h   |   5 +-
 ui-snapshot.c |  65 ++++++++++++++++----------
 ui-stats.c    |   5 +-
 ui-summary.c  |  16 +++++--
 ui-tag.c      |  20 ++++----
 ui-tree.c     |  46 +++++++++----------
 22 files changed, 410 insertions(+), 294 deletions(-)

-- 
1.8.2.692.g17a9715