From eb608118efa20e8f3eb1ba73f03b04f060eb0efd Mon Sep 17 00:00:00 2001
From: Tristan Riehs <tristan.riehs@inria.fr>
Date: Mon, 17 Nov 2025 09:43:29 +0100
Subject: Fix SQL query length asserts

These assert do not check for memory errors -- with strncat and snprintf
called with proper parameters there should not be any -- but for SQL
query truncation.
---
 src/main.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main.c b/src/main.c
index acf25cc..e5beb69 100644
--- a/src/main.c
+++ b/src/main.c
@@ -435,12 +435,12 @@ static void ftag_query_date(sqlite3 *db, char *sql, int max_len,
 	int need_and_keyword = 0;
 	strncat(sql, "\t(SELECT id,canonical_name,full_name FROM files",
 		max_len - strlen(sql));
-	assert(strlen(sql) <= max_len);
+	assert(strlen(sql) < max_len);
 	if (before_date != 0) {
 		memset(buf, 0, sizeof(buf));
 		snprintf(buf, sizeof(buf)-1, " WHERE date < %ld", before_date);
 		strncat(sql, buf, max_len - strlen(sql));
-		assert(strlen(sql) <= max_len);
+		assert(strlen(sql) < max_len);
 		need_and_keyword = 1;
 	}
 	if (after_date != 0) {
@@ -451,7 +451,7 @@ static void ftag_query_date(sqlite3 *db, char *sql, int max_len,
 		memset(buf, 0, sizeof(buf));
 		snprintf(buf, sizeof(buf)-1, " date > %ld", after_date);
 		strncat(sql, buf, max_len - strlen(sql));
-		assert(strlen(sql) <= max_len);
+		assert(strlen(sql) < max_len);
 	}
 	strncat(sql, ")\n", max_len - strlen(sql));
 }
@@ -468,7 +468,7 @@ static void ftag_query_join(sqlite3 *db, char *sql, int max_len,
 	}
 	char *prefix = "\t(SELECT id,canonical_name,full_name FROM file_tags JOIN\n";
 	strncat(sql, prefix, max_len - strlen(sql));
-	assert(strlen(sql) <= max_len);
+	assert(strlen(sql) < max_len);
 	ftag_query_join(db, sql, max_len,
 			tags, tag_count-1, before_date, after_date);
 	int tag_id = get_id_by_col(db, "tags", "name", tags[tag_count-1]);
@@ -477,7 +477,7 @@ static void ftag_query_join(sqlite3 *db, char *sql, int max_len,
 	snprintf(suffix, sizeof(suffix)-1,
 		 "\t\tON id = file\n\t\tWHERE tag = %d)\n", tag_id);
 	strncat(sql, suffix, max_len - strlen(sql));
-	assert(strlen(sql) <= max_len);
+	assert(strlen(sql) < max_len);
 }
 
 static void ftag_query(int argc, char **argv)
-- 
cgit v1.2.3