Anonymous committed ae9c86f

git-verify-pack: more careful path handling

Use strlcpy() to copy the filename into a buffer and complain if it
doesn't fit. Also move the path buffer into verify_one_pack(); it is
used only there. Now we can const'ify the first argument of this

Signed-off-by: Rene Scharfe <>
Signed-off-by: Junio C Hamano <>

Files changed (1)

 #include "cache.h"
 #include "pack.h"
-static int verify_one_pack(char *arg, int verbose)
+static int verify_one_pack(const char *path, int verbose)
-	int len = strlen(arg);
+	char arg[PATH_MAX];
+	int len;
 	struct packed_git *g;
+	len = strlcpy(arg, path, PATH_MAX);
+	if (len >= PATH_MAX)
+		return error("name too long: %s", path);
 	while (1) {
 		/* Should name foo.idx, but foo.pack may be named;
 		 * convert it to foo.idx
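Review bot: in verify_one_pack(), len is still declared int while strlcpy() returns size_t, so "len = strlcpy(arg, path, PATH_MAX);" narrows the result before the "len >= PATH_MAX" truncation check. Declare len as size_t (or hold the copy result in a separate size_t) so the comparison is made on the real source length, and pass sizeof(arg) as the size argument rather than repeating PATH_MAX, so the bound cannot drift away from the buffer declaration.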
 	int nothing_done = 1;
 	while (1 < ac) {
-		char path[PATH_MAX];
 		if (!no_more_options && av[1][0] == '-') {
 			if (!strcmp("-v", av[1]))
 				verbose = 1;
 		else {
-			strcpy(path, av[1]);
-			if (verify_one_pack(path, verbose))
+			if (verify_one_pack(av[1], verbose))
 			nothing_done = 0;
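Review bot: the removed lines in the argument loop, "char path[PATH_MAX];" and "strcpy(path, av[1]);", were an unchecked copy of a command-line argument into a fixed-size stack buffer, yet the commit message only describes this as more careful path handling. State in the message that an argument longer than PATH_MAX could previously overrun the buffer, so the change is recognised as a fix and not only a cleanup, and consider adding a test that passes an over-long name and expects the "name too long" error.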