On Thu, Oct 20, 2011 at 5:57 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > Jeff King <peff@xxxxxxxx> writes: > >> Agreed. Having hidden cruft makes birthday collision attacks easier (or >> it will, if sha1 ever gets broken to that point). Unfortunately, there >> is a _ton_ of code which assumes that commit messages are >> NUL-terminated, as they always have been since e871b64 (2005-05-25). > > I think that commit is irrelevant, as long as read_sha1_file() returns the > contents as <ptr,len> pair, which has been the case forever. It's just the > matter of propagating the length back up the callchain. > > A naïve implementation to add "len" member to struct commit would increase > the size of the in-core commit object by sizeof(unsigned long), which we > may want to avoid. Traversals that care nothing but the topology of the > history would have to waste that memory and these things tend to add up > (8-byte ulong * 250k commits = 2MB). Or write commit_length(struct commit *c) that calculates SHA-1 from c->buf and checks against c->object.sha1. If it does not match, consider NUL part of the message and move to the next NUL. This function would be expensive so we may not call frequently though. Or store length in ((int*)c->buf)[-1]. -- Duy -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html