diff --git a/setup.c b/setup.c
index 87c21f02e0e3bedb42305bbfe2b4223885d4250f..276916052795c5ffa872b57a7e6723edc71dfdc4 100644
--- a/setup.c
+++ b/setup.c
@@ -170,6 +170,8 @@ static int is_git_directory(const char *suspect)
 	char path[PATH_MAX];
 	size_t len = strlen(suspect);
 
+	if (PATH_MAX <= len + strlen("/objects"))
+		die("Too long path: %.*s", 60, suspect);
 	strcpy(path, suspect);
 	if (getenv(DB_ENVIRONMENT)) {
 		if (access(getenv(DB_ENVIRONMENT), X_OK))
diff --git a/t/README b/t/README
index b906ceb4766a283ae6b22bd037f9e1619feb12d1..a5901424388b9cfb525b7bdbfd6d5afda3c9e014 100644
--- a/t/README
+++ b/t/README
@@ -451,8 +451,10 @@ library for your script to use.
  - test_must_fail <git-command>
 
    Run a git command and ensure it fails in a controlled way.  Use
-   this instead of "! <git-command>" to fail when git commands
-   segfault.
+   this instead of "! <git-command>".  When git-command dies due to a
+   segfault, test_must_fail diagnoses it as an error; "! <git-command>"
+   treats it as just another expected failure, which would let such a
+   bug go unnoticed.
 
  - test_might_fail <git-command>