path: root/builtin/tag.c
diff options
authorJeff King <>2017-03-28 19:46:30 (GMT)
committerJunio C Hamano <>2017-03-30 21:59:50 (GMT)
commit7f897b6f176319ec0f490d286c3fee11187d7095 (patch)
tree94b0539edf7f759fefd19856f588882d0135c1df /builtin/tag.c
parent1412f762e0363c126ea011682b61a8c9d7d7456f (diff)
avoid using fixed PATH_MAX buffers for refs
Many functions which handle refs use a PATH_MAX-sized buffer to do so. This is mostly reasonable as we have to write loose refs into the filesystem, and at least on Linux the 4K PATH_MAX is big enough that nobody would care. But: 1. The static PATH_MAX is not always the filesystem limit. 2. On other platforms, PATH_MAX may be much smaller. 3. As we move to alternate ref storage, we won't be bound by filesystem limits. Let's convert these to heap buffers so we don't have to worry about truncation or size limits. We may want to eventually constrain ref lengths for sanity and to prevent malicious names, but we should do so consistently across all platforms, and in a central place (like the ref code). Signed-off-by: Jeff King <>
Diffstat (limited to 'builtin/tag.c')
1 files changed, 6 insertions, 9 deletions
diff --git a/builtin/tag.c b/builtin/tag.c
index 045e7ad..0eb4e25 100644
--- a/builtin/tag.c
+++ b/builtin/tag.c
@@ -72,25 +72,22 @@ static int for_each_tag_name(const char **argv, each_tag_name_fn fn,
const void *cb_data)
const char **p;
- char ref[PATH_MAX];
+ struct strbuf ref = STRBUF_INIT;
int had_error = 0;
unsigned char sha1[20];
for (p = argv; *p; p++) {
- if (snprintf(ref, sizeof(ref), "refs/tags/%s", *p)
- >= sizeof(ref)) {
- error(_("tag name too long: %.*s..."), 50, *p);
- had_error = 1;
- continue;
- }
- if (read_ref(ref, sha1)) {
+ strbuf_reset(&ref);
+ strbuf_addf(&ref, "refs/tags/%s", *p);
+ if (read_ref(ref.buf, sha1)) {
error(_("tag '%s' not found."), *p);
had_error = 1;
- if (fn(*p, ref, sha1, cb_data))
+ if (fn(*p, ref.buf, sha1, cb_data))
had_error = 1;
+ strbuf_release(&ref);
return had_error;