The "M20" command uses this function to list all files on the sdcard.
The variable "path" is defined as

char path[13*2];

...but it concatenates up to 10 directory names in this buffer during the recursive calls (MAX_DIR_DEPTH):

strcat(path,prepend);

See:
cardreader.cpp - lines 64 to 89