> On 05 Mar 2018, at 22:50, Junio C Hamano <[email protected]> wrote:
>
> [email protected] writes:
>
>> +static int validate_encoding(const char *path, const char *enc,
>> + const char *data, size_t len, int die_on_error)
>> +{
>> + if (!memcmp("UTF-", enc, 4)) {
>
> Does the caller already know that enc is sufficiently long that
> using memcmp is safe?
No :-(
Would you be willing to squash that in?
if (strlen(enc) > 4 && !memcmp("UTF-", enc, 4)) {
I deliberately used "> 4" as plain "UTF-" is not even valid.
Thanks for spotting this,
Lars
