On Wed, Jun 9, 2010 at 12:22, Steven Michalske <smichalske@xxxxxxxxx> wrote:
> is_git_directory() uses strcpy with pointer arithmetic, protect it from
> overflowing. Even though we currently protect higher up when we have the
> environment variable path passed in, we should protect the calls here.

Why? The function is static.

> - strcpy(path, suspect);
> + path[sizeof(path) - 1] = '\0';
> +
> + strncpy(path, suspect, sizeof(path) - 1);

And we have strlcpy for such things.
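
Review bot: The `strncpy(path, suspect, sizeof(path) - 1);` line silently truncates an over-long `suspect`, and nothing in the visible lines rejects that input, so later checks would run against a shortened path rather than the one the caller passed. Consider failing when the source does not fit: `strlcpy(path, suspect, sizeof(path))` returns the length of `suspect`, so comparing that return value against `sizeof(path)` detects truncation in one step and makes the separate `path[sizeof(path) - 1] = '\0';` store unnecessary. The commit message refers to strcpy with pointer arithmetic, but the quoted hunk shows only the plain copy into `path`; any copy at an offset into `path` would need its bound reduced by that offset.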