From 21345e0d1767ee4d927790cd7d318fe8b125a3ba Mon Sep 17 00:00:00 2001 From: Adrian Ratiu Date: Mon, 8 Sep 2025 17:01:14 +0300 Subject: [PATCH] submodule: error out if gitdir name is too long Encoding submodule names increases their name size, so there is an increased risk to hit the max filename length in the gitdir path. (the likelihood is still rather small, so it's an acceptable risk) This gitdir file-name-too-long corner case can be be addressed in multiple ways, including sharding or trimming, however for now, just add the portable logic (suggested by Peff) to detect the corner case then error out to avoid comitting to a specific policy (or policies). In the future, instead of throwing an error (which we do now anyway without submodule encoding), we could maybe let the user specify via configs how to address this case, eg pick trimming or sharding. Suggested-by: Jeff King Signed-off-by: Adrian Ratiu Signed-off-by: Junio C Hamano --- Makefile | 5 +++++ compat/pathconf.c | 10 ++++++++++ compat/posix.h | 8 ++++++++ config.mak.uname | 2 ++ meson.build | 1 + submodule.c | 14 ++++++++++++++ 6 files changed, 40 insertions(+) create mode 100644 compat/pathconf.c diff --git a/Makefile b/Makefile index e11340c1ae..ea1156b683 100644 --- a/Makefile +++ b/Makefile @@ -2210,6 +2210,11 @@ ifndef HAVE_PLATFORM_PROCINFO COMPAT_OBJS += compat/stub/procinfo.o endif +ifdef NO_PATHCONF + COMPAT_CFLAGS += -DNO_PATHCONF + COMPAT_OBJS += compat/pathconf.o +endif + ifdef RUNTIME_PREFIX ifdef HAVE_BSD_KERN_PROC_SYSCTL diff --git a/compat/pathconf.c b/compat/pathconf.c new file mode 100644 index 0000000000..37500cfa0d --- /dev/null +++ b/compat/pathconf.c @@ -0,0 +1,10 @@ +#include "git-compat-util.h" + +/* + * Minimal stub for platforms without pathconf() (e.g. Windows), + * to fall back to NAME_MAX from limits.h or compat/posix.h. + */ +long git_pathconf(const char *path UNUSED, int name UNUSED) +{ + return -1; +} diff --git a/compat/posix.h b/compat/posix.h index 067a00f33b..aa050fd58c 100644 --- a/compat/posix.h +++ b/compat/posix.h @@ -250,6 +250,14 @@ char *gitdirname(char *); #define NAME_MAX 255 #endif +#ifdef NO_PATHCONF +#ifndef _PC_NAME_MAX +#define _PC_NAME_MAX 1 /* dummy value, only used for git_pathconf */ +#endif +#define pathconf(a,b) git_pathconf(a,b) +long git_pathconf(const char *path, int name); +#endif + typedef uintmax_t timestamp_t; #define PRItime PRIuMAX #define parse_timestamp strtoumax diff --git a/config.mak.uname b/config.mak.uname index 1691c6ae6e..49ba3de39d 100644 --- a/config.mak.uname +++ b/config.mak.uname @@ -473,6 +473,7 @@ ifeq ($(uname_S),Windows) NEEDS_CRYPTO_WITH_SSL = YesPlease NO_LIBGEN_H = YesPlease NO_POLL = YesPlease + NO_PATHCONF = YesPlease NO_SYMLINK_HEAD = YesPlease NO_IPV6 = YesPlease NO_SETENV = YesPlease @@ -688,6 +689,7 @@ ifeq ($(uname_S),MINGW) NEEDS_CRYPTO_WITH_SSL = YesPlease NO_LIBGEN_H = YesPlease NO_POLL = YesPlease + NO_PATHCONF = YesPlease NO_SYMLINK_HEAD = YesPlease NO_SETENV = YesPlease NO_STRCASESTR = YesPlease diff --git a/meson.build b/meson.build index 5dd299b496..3ae5c391a9 100644 --- a/meson.build +++ b/meson.build @@ -1392,6 +1392,7 @@ checkfuncs = { 'initgroups' : [], 'strtoumax' : ['strtoumax.c', 'strtoimax.c'], 'pread' : ['pread.c'], + 'pathconf' : ['pathconf.c'], } if host_machine.system() == 'windows' diff --git a/submodule.c b/submodule.c index 8e0fd077db..016509806e 100644 --- a/submodule.c +++ b/submodule.c @@ -2641,5 +2641,19 @@ void submodule_name_to_gitdir(struct strbuf *buf, struct repository *r, strbuf_release(&tmp); strbuf_addbuf(buf, &encoded_sub_name); + /* Ensure final path length is below NAME_MAX after encoding */ + name_max = pathconf(buf->buf, _PC_NAME_MAX); + if (name_max == -1) + name_max = NAME_MAX; + + encoded_len = buf->len - base_len; + if (encoded_len > name_max) + /* + * TODO: make this smarter; instead of erroring out, maybe we could trim or + * shard the gitdir names to make them fit under NAME_MAX. + */ + die(_("encoded submodule name '%s' is too long (%"PRIuMAX" bytes, limit %"PRIuMAX")"), + encoded_sub_name.buf, (uintmax_t)encoded_len, (uintmax_t)name_max); + strbuf_release(&encoded_sub_name); }