On Sat, Nov 30, 2024 at 07:01:03PM -0500, Taylor Blau wrote: > diff --git a/builtin/repack.c b/builtin/repack.c > index d6bb37e84ae..57cab72dcf5 100644 > --- a/builtin/repack.c > +++ b/builtin/repack.c > @@ -1553,6 +1553,21 @@ int cmd_repack(int argc, > &existing); > if (show_progress) > opts |= PRUNE_PACKED_VERBOSE; > + > + if (expire_to && *expire_to) { > + char *alt = dirname(xstrdup(expire_to)); > + size_t len = strlen(alt); > + > + if (strip_suffix(alt, "pack", &len) && > + is_dir_sep(alt[len - 1])) { Argh. This clearly needs a bounds check to ensure that 'len >= 1'. I suspect that passing "--expire-to=pack/xyz" would segfault. Thanks, Taylor
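
Review bot: In the `is_dir_sep(alt[len - 1])` condition, `len` can be 0 once `strip_suffix(alt, "pack", &len)` succeeds, which happens when `dirname()` returns exactly "pack". Because `len` is a `size_t`, `len - 1` then wraps around and the index lands far outside the buffer. Test `len` before indexing, for example `strip_suffix(alt, "pack", &len) && len && is_dir_sep(alt[len - 1])`. Separately, `dirname(xstrdup(expire_to))` discards the only pointer to the allocation, and `dirname()` is allowed to return a pointer to static storage (for instance "." when the path has no separator), so the copy cannot be reliably freed through `alt`. Holding the `xstrdup()` result in its own variable and freeing that would avoid the problem.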