diff -up cgit-0.8.2.1/git/setup.c.cve-2010-2542 cgit-0.8.2.1/git/setup.c
--- cgit-0.8.2.1/git/setup.c.cve-2010-2542	2009-01-25 19:48:26.000000000 -0500
+++ cgit-0.8.2.1/git/setup.c	2010-09-27 18:14:27.377427596 -0400
@@ -239,6 +239,8 @@ static int is_git_directory(const char *
 	char path[PATH_MAX];
 	size_t len = strlen(suspect);
 
+	if (PATH_MAX <= len + strlen("/objects"))
+		die("Too long path: %.*s", 60, suspect);
 	strcpy(path, suspect);
 	if (getenv(DB_ENVIRONMENT)) {
 		if (access(getenv(DB_ENVIRONMENT), X_OK))