path: use size_t for dir_prefix length

jayatheerthkulkarni · gitster · commit 61d0b79e4c2d · 2026-03-04T09:06:30.000-08:00
The strlen() function returns a size_t. Storing this in a standard
signed int is a bad practice that invites overflow vulnerabilities if
paths get absurdly long.

Switch the variable to size_t. This is safe to do because 'len' is
strictly used as an argument to strncmp() (which expects size_t) and
as a positive array index, involving no signed arithmetic that could
rely on negative values.

Signed-off-by: K Jayatheerth &lt;jayatheerthkulkarni2005@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/path.c b/path.c
@@ -58,7 +58,7 @@ static void strbuf_cleanup_path(struct strbuf *sb)
 
 static int dir_prefix(const char *buf, const char *dir)
 {
-	int len = strlen(dir);
+	size_t len = strlen(dir);
 	return !strncmp(buf, dir, len) &&
 		(is_dir_sep(buf[len]) || buf[len] == '\0');
 }

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ static void strbuf_cleanup_path(struct strbuf *sb)`
`58`	`58`
`59`	`59`	`static int dir_prefix(const char buf, const char dir)`
`60`	`60`	`{`
`61`		`- int len = strlen(dir);`
	`61`	`+ size_t len = strlen(dir);`
`62`	`62`	`return !strncmp(buf, dir, len) &&`
`63`	`63`	`(is_dir_sep(buf[len]) \|\| buf[len] == '\0');`
`64`	`64`	`}`