object-file: use xmalloc*z*() for index_core()

Follow-up a1e920a (index-pack: terminate object buffers with NUL,
2014-12-08) and make sure to return a \0-terminated "buf" from
index_core().

This inconsistency dates back to e83c516 (Initial revision of
"git", the information manager from hell, 2005-04-07) where
read_sha1_file() would return a malloc()'d "strlen(buffer) + 1".

This inconsistency makes functions such as parse_tag_buffer() in tag.c
harder to reason about, some codepaths that call them will hand them a
data/size pair where the "data" comes from xmallocz(), whereas
others (being changed here) hand them the same data/size, but that
"data" comes from malloc().

We therefore have to be more paranoid about parsing the data, to
ensure that we don't run off the end of "size". By using xmallocsz()
we can rely on a "\0" to stop any str*() function.

Signed-off-by: Ævar Arnfjörð Bjarmason <[email protected]>

Author: avar

object-file.c

@@ -1686,7 +1686,7 @@ int pretend_object_file(void *buf, unsigned long len, enum object_type type,
 	co = &cached_objects[cached_object_nr++];
 	co->size = len;
 	co->type = type;
-	co->buf = xmalloc(len);
+	co->buf = xmallocz(len);
 	memcpy(co->buf, buf, len);
 	oidcpy(&co->oid, oid);
 	return 0;
@@ -2433,7 +2433,7 @@ static int index_core(struct index_state *istate,
 	if (!size) {
 		ret = index_mem(istate, oid, "", size, type, path, flags);
 	} else if (size <= SMALL_FILE_SIZE) {
-		char *buf = xmalloc(size);
+		char *buf = xmallocz(size);
 		ssize_t read_result = read_in_full(fd, buf, size);
 		if (read_result < 0)
 			ret = error_errno(_("read error while indexing %s"),