On Mon, Oct 21, 2013 at 09:07:26PM +0200, Erik Faye-Lund wrote: > I would argue that this is probably even a bug on Linux, only harder > (if not impossible) to trigger by accident as there's probably no > git-client that will generate such trees. But a "malicious" client > might. I've just been poking through the impacts of these overflows, for that exact reason. I don't think any of them are easily triggerable by somebody sending you a malicious tree (e.g., the `remove_subtree` one only triggers when we have seen that tree in the filesystem, so it must be limited to `PATH_MAX`). Some of them are triggerable if you use particular options (e.g., the one in `match_order` is easy to trigger if you use `diff -O`). Still, they should all be fixed, even for Linux. I shouldn't have to trace the provenance of the data back through 10 functions just to find out a buffer overflow isn't easily exploitable. :) -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html