Make BigInteger calculations more secure: BigInteger ordered composition is not guaranteed to be collision-free when the inputs are not uniformly distributed. Thus, we cannot blindly add strings/booleans/etc. when fingerprinting. For simplicity, we delegate to a normal Fingerprint for everything that isn't known to be uniformly distributed, although we then have to be careful with how BigInteger is ordered with respect to the other fields.
PiperOrigin-RevId: 232551309
diff --git a/src/main/java/com/google/devtools/build/lib/skyframe/TreeArtifactValue.java b/src/main/java/com/google/devtools/build/lib/skyframe/TreeArtifactValue.java
index 9221ebc..dd72ee2 100644
--- a/src/main/java/com/google/devtools/build/lib/skyframe/TreeArtifactValue.java
+++ b/src/main/java/com/google/devtools/build/lib/skyframe/TreeArtifactValue.java
@@ -108,7 +108,7 @@
public BigInteger getValueFingerprint() {
if (valueFingerprint == null) {
BigIntegerFingerprint fp = new BigIntegerFingerprint();
- fp.addBytes(digest);
+ fp.addDigestedBytes(digest);
valueFingerprint = fp.getFingerprint();
}
return valueFingerprint;
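Review bot: at the `fp.addDigestedBytes(digest)` call, nothing in the visible lines documents or enforces that `digest` is actually the output of a hash function. The commit message says only inputs known to be uniformly distributed may skip the normal Fingerprint, so the collision-resistance of `getValueFingerprint()` now rests on that assumption. Consider a short comment above the call stating where `digest` comes from and why it can be treated as uniformly distributed. A precondition (non-null, and whatever length the digest is expected to have) would stop a non-digest byte array from reaching the BigInteger composition unnoticed. A regression test asserting that two values with different digests yield different fingerprints would also help.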