From: "Todd C. Miller"
Subject: Re: *printf return value
To: Omar Polo
Cc: Theo Buehler, gameoftrees@openbsd.org
Date: Wed, 10 Aug 2022 08:38:57 -0600

On Wed, 10 Aug 2022 15:34:46 +0200, Omar Polo wrote:

> oh, I've forgot about that part of CAVEAT.  Updated diff below.
>
> I've only left
>
> (got-read-pack.c)
> 553		n = snprintf(buf, sizeof(buf), "done\n");
> 554		err = got_pkt_writepkt(fd, buf, n, chattygot);
>
> that may look suspicious but I felt bad adding a check there: we're
> just writing six bytes after all.

That one should probably be strlcpy() instead.

I noticed another instance of snprintf() being used where the string
written is constant and not a format string in got-index-pack.c:

909		snprintf(msg, sizeof(msg), "could not resolve "
910		    "any of deltas; packfile could be corrupt");

 - todd
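
Added example, not part of the original message and not Game of Trees code: a sketch of why the snprintf() return value cannot be passed on as a length without a check, and how a constant string can be copied with strlcpy() semantics instead. The names ex_strlcpy, fmt_checked, copy_checked and unchecked_len are hypothetical; ex_strlcpy is a local stand-in for strlcpy(3) so the block builds where libc lacks it.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcpy(3) semantics: copies at most size-1
 * bytes, NUL-terminates when size > 0, returns strlen(src). */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);
	if (size > 0) {
		size_t n = len < size - 1 ? len : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return len;
}

/* Format-string case: reject encoding errors (n < 0) and truncation
 * (n >= size) so *len never exceeds what buf actually holds. */
static int fmt_checked(char *buf, size_t size, size_t *len, const char *fmt, ...)
{
	va_list ap;
	va_start(ap, fmt);
	int n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= size)
		return -1;
	*len = (size_t)n;
	return 0;
}

/* Constant-string case: no format parsing, same truncation test. */
static int copy_checked(char *buf, size_t size, size_t *len, const char *s)
{
	size_t n = ex_strlcpy(buf, s, size);
	if (n >= size)
		return -1;
	*len = n;
	return 0;
}

/* Length an unchecked caller would hand to a writer for a 4-byte buffer:
 * snprintf() reports the untruncated length, not the bytes stored. */
static int unchecked_len(void)
{
	char small[4];
	return snprintf(small, sizeof(small), "done\n");
}
```
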