Ximin Luo:
> Chris Lamb:
>> tags 854723 + pending
>> thanks
>>
>>> diffoscope may write to arbitrary locations on disk depending on the
>>> contents of an untrusted archive
>>
>> We can actually avoid all edge-cases of sanitisation by simply not using
>> the supplied filename and maintaining our own mapping.
>>
>> Given this is both safer (and has far less code) I've gone ahead and
>> committed that here:
>>
>> https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=632a40828a54b399787c25e7fa243f732aef7e05
>>
>
> Thanks, this is better.
>
> However this particular scheme might not work so well with large archives
> with lots and lots of members (>many thousands), depending on what filesystem
> the tempdir is contained in. I'd suggest to use names like $x/$y where
> $x = idx // 4096, $y = idx % 4096.
>

Also, are you sure this doesn't interfere with the detection of order-only differences, or the ability to match up similar-member-names?

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
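
The approach discussed in this thread, as an added example that is not part of the original messages and is not diffoscope's code: members of an untrusted archive are written under index-derived `$x/$y` names, and the archive-supplied names are kept only in a mapping, in archive order. The helper names `shard_path` and `extract_by_index`, and the use of a zip archive, are assumptions made for the illustration.

```python
import io
import os
import shutil
import tempfile
import zipfile

SHARD = 4096  # members per subdirectory, the value suggested in the thread


def shard_path(idx):
    """Relative on-disk name for member number idx: $x/$y."""
    return os.path.join(str(idx // SHARD), str(idx % SHARD))


def extract_by_index(zf, dest):
    """Extract every file member of zf under dest, named by index only.

    Returns [(archive_name, path), ...] in archive order. The name stored
    in the archive is recorded but never used to build a filesystem path.
    """
    mapping = []
    for idx, info in enumerate(zf.infolist()):
        if info.is_dir():
            continue
        target = os.path.join(dest, shard_path(idx))
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with zf.open(info) as src, open(target, "xb") as dst:  # "x": never overwrite
            shutil.copyfileobj(src, dst)
        mapping.append((info.filename, target))
    return mapping


def demo():
    # Constructed sample archive: one hostile member name, one ordinary one.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("../../escape.txt", b"hostile")
        zf.writestr("docs/readme.txt", b"ordinary")
    with tempfile.TemporaryDirectory() as dest:
        root = os.path.realpath(dest) + os.sep
        with zipfile.ZipFile(buf) as zf:
            mapping = extract_by_index(zf, dest)
        inside = all(os.path.realpath(p).startswith(root) for _, p in mapping)
        return [name for name, _ in mapping], inside


if __name__ == "__main__":
    print(demo())
```

Because the mapping preserves both the original names and their order, a caller can still pair members by name or compare ordering without those names ever reaching the filesystem.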