Jeff King <peff@xxxxxxxx> writes: > The reason I mentioned escaping earlier is I wondered what would happen > when the submodule starts with a double-quote, or has a newline in the > name. Git's normal quoting would include backslash escape sequences, and > I wondered if we might be relying on any of these "read" calls to > interpret them. But I don't think so, for two reasons. > > One, because that quoting also puts double-quotes around the name. So > plain "read" would not be sufficient to de-quote for us anyway. Correct. These are c-quoting and "read" does not know what to do with them. > And two, because these are being fed from "submodule--helper", which > does not seem to quote in the first place. Which probably is a bug we can fix safely, as submodule--helper is merely an implementation detail of our toolset, not something the end users' scripts can rely on.