On Thu, 22 Mar 2007, Linus Torvalds wrote: > Ok, apart from #1, those should be in current -git now, along with better > validation checks (by Nico) when packing. So hopefully at least when there > is corruption in a loose object, we will now always notice when we do a > "git repack", and will never generate a broken pack-file. Knock wood. Not yet actually. What I did do is to make index-pack perform more validation and ensure it never accept SHA1 collisions. For the repack case... I think there should be a better way. Either we revalidate the full SHA1 which would be expensive as we'd basically lose most advantages of direct pack data copy. What I'm pondering is some sort of lightweight checksum like adler32 for object data in the pack but stored in the index. Since index-pack already perform the full SHA1 already, it could as well provide a checksum for the raw pack object data for the repack case. Currently we try to validate reused pack data by attempting an inflate pass on the object payload, but that doesn't validate the object type nor the reference SHA1 to delta base objects which could get corrupted and copied without noticing into another pack. > Of course, I actually wonder if the bug might be in your version of zlib > (miscompiled or some other thing), in which case *any* amount of > pre-validation won't really help, because it will become corrupted when we > deflate it prior to writing. For example, if "deflateBound()" sometimes > doesn't give a valid upper bound and we allocate too little space.. Well, since we provide the size of the allocated output buffer to zlib it would be seriously broken if it overflowed it. Also zlib perform a checksum verification of the deflated data if I remember correctly. So it seems to me that zlib should be quite self validating already. Nicolas - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html