Junio C Hamano wrote:
> Ramsay Jones <ramsay@xxxxxxxxxxxxxxxxxxx> writes:
>
>> Subject: [PATCH] path.c: Fix a static buffer overwrite bug by avoiding mkpath()
>>
>> In order to fix the bug, we introduce a new variation of the mkpath()
>> function, mkpathdup(), which avoids the use of the internal static
>> buffers.
>
> Shouldn't we aim a bit higher to also avoid the use of bounded
> buffer? Instead of returning bad_path, retry with lengthened buffer
> until we succeed, or something.
>
> Better yet, internally use strbuf_vaddf().

Sorry for the late reply, I've been away ...

Yes, I wasn't aiming too high. In fact I was only aiming for "I spent the last 20 minutes fixing up your patch so that it doesn't tickle the bug on cygwin, and it looks like this..." :-P

While away, I did rewrite mkpathdup() to address your concerns (although I didn't use strbuf_vaddf()). However, I see that Nguyen has not been idle and, with help from others, has fixed up the patch and re-rolled the series (v7 I think). I haven't fetched that mail yet, but it looked good and should not tickle the cygwin bug. I will test it soon.

ATB,
Ramsay Jones
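An added illustration of the two points raised in this thread, not code from the patch or from git: a formatter that returns a static buffer is overwritten by the next call, and a heap-allocating variant can size its buffer from the formatted length instead of rejecting long paths. The names `demo_mkpath`, `demo_mkpathdup`, `static_result_clobbered` and `DEMO_PATH_MAX` are hypothetical, and the single 32-byte buffer is an assumption chosen to keep the demo small.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_PATH_MAX 32	/* assumed bound, kept small for the demo */

/* Hypothetical mkpath()-style helper: one static buffer reused by every
 * call; a path that does not fit the bound is rejected, not grown. */
static const char *demo_mkpath(const char *fmt, ...)
{
	static char buf[DEMO_PATH_MAX];
	va_list ap;
	int len;
	va_start(ap, fmt);
	len = vsnprintf(buf, sizeof(buf), fmt, ap);
	va_end(ap);
	return (len < 0 || (size_t)len >= sizeof(buf)) ? "/bad-path/" : buf;
}

/* Hypothetical mkpathdup()-style helper: measure, allocate, format. Caller frees. */
static char *demo_mkpathdup(const char *fmt, ...)
{
	va_list ap;
	int len;
	char *out;
	va_start(ap, fmt);
	len = vsnprintf(NULL, 0, fmt, ap);	/* C99: returns the length needed */
	va_end(ap);
	if (len < 0 || !(out = malloc((size_t)len + 1)))
		return NULL;
	va_start(ap, fmt);
	vsnprintf(out, (size_t)len + 1, fmt, ap);
	va_end(ap);
	return out;
}

/* Returns 1 when a pointer kept from demo_mkpath() is overwritten by a later call. */
static int static_result_clobbered(void)
{
	const char *first = demo_mkpath("%s/%s", "objects", "pack");
	demo_mkpath("%s/%s", "refs", "heads");
	return strcmp(first, "objects/pack") != 0;
}

int main(void)
{
	char *p = demo_mkpathdup("%s/%s", "objects", "pack");
	printf("clobbered=%d dup=%s\n", static_result_clobbered(), p ? p : "(null)");
	free(p);
}
```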