check that dirent names do not exceed our max length

this is protecting the code from weirdness/corruption of the
underlying database records. it shouldn't be necessary, but
better safe than sorry.

src/readdir.cc

@@ -69,14 +69,17 @@ InflightAction Inflight_readdir::callback() {
   for (int i = 0; i < kvcount; i++) {
     FDBKeyValue kv = kvs[i];
 
-    char name[1024];
     if (kv.key_length <= dirent_prefix_length) {
       // serious internal error. we somehow got back a key that was too short?
       printf("eio!\n");
       return InflightAction::Abort(EIO);
     }
     int keylen = kv.key_length - dirent_prefix_length;
-    // TOOD if keylen<=0 throw internal error.
+    if ((keylen <= 0) || (keylen > MAXFILENAMELEN)) {
+      // internal error
+      return InflightAction::Abort(EIO);
+    }
+    char name[MAXFILENAMELEN + 1];
     bcopy(((uint8_t *)kv.key) + dirent_prefix_length, name, keylen);
     name[keylen] = '\0'; // null terminate
 

src/util.h

@@ -43,6 +43,8 @@
 #define XATTR_NODE_PREFIX 'x'
 #define XATTR_DATA_PREFIX 'X'
 
+#define MAXFILENAMELEN 255
+
 // will be filled out before operation begins
 extern FDBDatabase *database;
 // must NOT be modified after it is set.
@@ -100,8 +102,9 @@ template <typename T> void print_bytes(const T *str, int strlength) {
 using range_keys = std::pair<std::vector<uint8_t>, std::vector<uint8_t>>;
 [[nodiscard]] range_keys offset_size_to_range_keys(fuse_ino_t, size_t, size_t);
 
-[[nodiscard]] extern bool filename_length_check(fuse_req_t, const char *,
-                                                size_t maxlength = 255);
+[[nodiscard]] extern bool
+filename_length_check(fuse_req_t, const char *,
+                      size_t maxlength = MAXFILENAMELEN);
 
 extern void update_atime(INodeRecord *, const struct timespec *);
 extern void update_mtime(INodeRecord *, const struct timespec *);