On Fri, Jul 20, 2018 at 10:48:37AM -0700, Elijah Newren wrote: > > Is it possible to extend this to ban variables as well? I'm still > > going to delete the_index from library code. Once that work is done I > > Or perhaps constants, such as PATH_MAX to avoid problems like this one > from 2.18.0 timeframe: > https://public-inbox.org/git/7d1237c7-5a83-d766-7d93-5f0d59166067@xxxxxx/ I've been slowly trying to eradicate PATH_MAX from our code base. And I would be happy with an eventual automated ban there. Unlike the_index, it comes from the system, so it's in the same boat as strcpy() etc. That said, I think it's less urgent. The urgent problem fixed by the patch you linked was the use of strcpy() to overflow the buffer. Without that, it just becomes a normal bug where we do not handle long paths well on some operating systems. -Peff
