On Thu, May 15, 2025 at 01:11:48PM +0000, Johannes Schindelin via GitGitGadget wrote:

> In c429bed102 (bundle-uri: store fetch.bundleCreationToken, 2023-01-31)
> code was introduced that assumes that an `sscanf()` call leaves its
> output variables unchanged unless the return value indicates success.
>
> However, the POSIX documentation makes no such guarantee:
> https://pubs.opengroup.org/onlinepubs/9699919799/functions/sscanf.html
>
> So let's make sure that the output variable `maxCreationToken` is
> always well-defined.

Definitely an issue, but...why are we using sscanf() at all? Wouldn't
strtoul() be the usual thing in our code base? Or even just
repo_config_get_ulong()?

The behavior of the latter would differ in that we'd complain about a
garbage value in fetch.bundlecreationtoken, but wouldn't that be a good
thing?

-Peff
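
The two approaches discussed in this message, as an added example that is not part of the e-mail and not Git's code: a strict strtoull()-based parser that writes its output on every path, next to an sscanf() form that is only safe because the output is initialised first. The function names and the sample values are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: returns 0 on success, -1 on failure. *out is written
 * on every path, so the caller never reads an indeterminate value. */
int parse_creation_token(const char *value, uint64_t *out)
{
	char *end;
	unsigned long long v;

	*out = 0; /* well-defined even when parsing fails */
	if (!value || !isdigit((unsigned char)value[0]))
		return -1; /* rejects "", whitespace and signs ("-1" would wrap) */
	errno = 0;
	v = strtoull(value, &end, 10);
	if (errno == ERANGE || *end != '\0')
		return -1; /* overflow or trailing garbage */
	*out = (uint64_t)v;
	return 0;
}

/* sscanf() form: it cannot report trailing garbage, only a failed match. */
uint64_t token_via_sscanf(const char *value)
{
	uint64_t token = 0; /* POSIX does not promise a failed call leaves it alone */

	if (sscanf(value, "%" SCNu64, &token) != 1)
		token = 0;
	return token;
}

int main(void)
{
	const char *samples[] = { "1718000000", "", "garbage", "42abc", "-1" }; /* constructed */

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint64_t t;
		int rc = parse_creation_token(samples[i], &t);

		printf("%-12s rc=%d token=%" PRIu64 " sscanf=%" PRIu64 "\n",
		       samples[i], rc, t, token_via_sscanf(samples[i]));
	}
	return 0;
}
```

The strict parser rejects `42abc`, while the sscanf() form accepts it as 42; that difference is the "complain about a garbage value" behaviour raised above.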