Ramkumar Ramachandra wrote: > Change the instruction sheet format subtly so that the subject of the > commit message that follows the object name is optional. As a result, > an instruction sheet like this is now perfectly valid: > > pick 35b0426 > pick fbd5bbcbc2e > pick 7362160f > > While at it, also fix a bug: currently, we use a commit-id-shaped > buffer to store the word after "pick" in '.git/sequencer/todo'. This > is both wasteful and wrong because it places an artificial limit on > the line length. Eliminate the need for the buffer altogether, and > add a test demonstrating this. > > [jc: simplify parsing] Reading the above does not make it at all obvious that I should want to apply this patch because otherwise my prankster friend can cause my copy of git to crash or run arbitrary code by putting a long commit name in .git/sequencer/todo in our NFS-mounted shared checkout. (Yes, I know there are other problems with such a setup, especially if .git/hooks or .git/config is writable by untrusted people. So it is not actually a security bug, but a robustness one.) -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html