path: root/builtin/ls-remote.c
diff options
authorJeff King <>2017-03-28 19:46:30 (GMT)
committerJunio C Hamano <>2017-03-30 21:59:50 (GMT)
commit7f897b6f176319ec0f490d286c3fee11187d7095 (patch)
tree94b0539edf7f759fefd19856f588882d0135c1df /builtin/ls-remote.c
parent1412f762e0363c126ea011682b61a8c9d7d7456f (diff)
avoid using fixed PATH_MAX buffers for refs
Many functions which handle refs use a PATH_MAX-sized buffer to do so. This is mostly reasonable as we have to write loose refs into the filesystem, and at least on Linux the 4K PATH_MAX is big enough that nobody would care. But: 1. The static PATH_MAX is not always the filesystem limit. 2. On other platforms, PATH_MAX may be much smaller. 3. As we move to alternate ref storage, we won't be bound by filesystem limits. Let's convert these to heap buffers so we don't have to worry about truncation or size limits. We may want to eventually constrain ref lengths for sanity and to prevent malicious names, but we should do so consistently across all platforms, and in a central place (like the ref code). Signed-off-by: Jeff King <>
Diffstat (limited to 'builtin/ls-remote.c')
1 files changed, 6 insertions, 4 deletions
diff --git a/builtin/ls-remote.c b/builtin/ls-remote.c
index 66cdd45..b2d7d5c 100644
--- a/builtin/ls-remote.c
+++ b/builtin/ls-remote.c
@@ -17,17 +17,19 @@ static const char * const ls_remote_usage[] = {
static int tail_match(const char **pattern, const char *path)
const char *p;
- char pathbuf[PATH_MAX];
+ char *pathbuf;
if (!pattern)
return 1; /* no restriction */
- if (snprintf(pathbuf, sizeof(pathbuf), "/%s", path) > sizeof(pathbuf))
- return error("insanely long ref %.*s...", 20, path);
+ pathbuf = xstrfmt("/%s", path);
while ((p = *(pattern++)) != NULL) {
- if (!wildmatch(p, pathbuf, 0, NULL))
+ if (!wildmatch(p, pathbuf, 0, NULL)) {
+ free(pathbuf);
return 1;
+ }
+ free(pathbuf);
return 0;