On Tue, Apr 21, 2015 at 04:56:08PM +0530, karthik nayak wrote: > >>+ status = unpack_sha1_header(stream, map, mapsize, buffer, bufsiz); > > > >I wonder if we would feel comfortable just running this NUL-check as > >part of unpack_sha1_header (i.e., in all code paths). It _shouldn't_ > >trigger in normal use, but I wonder if there would be any downsides > >(e.g., maliciously crafted objects getting us to allocate memory or > >something; I think it is fairly easy to convince git to allocate memory, > >though). > > > But why would we want it to be a part of unpack_sha1_header? Just to reduce the number of functions and the complexity of the caller. But I guess it doesn't help that much if the caller would then need to speculatively pass in a strbuf. So it's probably not a good idea. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html