Chris Lamb: > tags 854723 + pending > thanks > >> diffoscope may write to arbitrary locations on disk depending on the contents >> of an untrusted archive > > We can actually avoid all edge-cases of sanitisation by simply not using > the supplied filename and maintaining our own mapping. > > Given this is both safer (and has far less code) I've gone ahead and committed > that here: > > > https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=632a40828a54b399787c25e7fa243f732aef7e05 >
Thanks, this is better. However this particular scheme might not work so well with large archives with lots and lots of members (>many thousands), depending on what filesystem the tempdir contained in. I'd suggest to use names like $x/$y where $x = idx // 4096, $y = idx % 4096. X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE https://github.com/infinity0/pubkeys.git