diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.ZZZZ b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.ZZZZ
new file mode 100644
index 0000000000000000000000000000000000000000..c931c06fd60d981bcc612efb7da51ff5fc7cb51e
Binary files /dev/null and b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.ZZZZ differ
diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.aaaa b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.aaaa
new file mode 100644
index 0000000000000000000000000000000000000000..3f13d61216593625ba190cde54c6c59c7d3c8145
Binary files /dev/null and b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.aaaa differ
diff --git a/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.badchecksum b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.badchecksum
new file mode 100644
index 0000000000000000000000000000000000000000..ab0382d9a3d6f64747273adb7a8639e005ea8246
Binary files /dev/null and b/org.eclipse.jgit.test/tst-rsrc/org/eclipse/jgit/test/resources/gitgit.index.badchecksum differ
diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/DirCacheCGitCompatabilityTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/DirCacheCGitCompatabilityTest.java
index 688fa73598587d444a521a4c273cada4b176901d..fa5fea8633fc6092453e1e32485f9051926329af 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/DirCacheCGitCompatabilityTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/dircache/DirCacheCGitCompatabilityTest.java
@@ -52,6 +52,7 @@
 import java.util.LinkedHashMap;
 import java.util.Map;
 
+import org.eclipse.jgit.errors.CorruptObjectException;
 import org.eclipse.jgit.junit.LocalDiskRepositoryTestCase;
 import org.eclipse.jgit.lib.FileMode;
 import org.eclipse.jgit.lib.ObjectId;
@@ -100,6 +101,34 @@ public void testTreeWalk_LsFiles() throws Exception {
 		}
 	}
 
+	public void testUnsupportedOptionalExtension() throws Exception {
+		final DirCache dc = new DirCache(pathOf("gitgit.index.ZZZZ"));
+		dc.read();
+		assertEquals(1, dc.getEntryCount());
+		assertEquals("A", dc.getEntry(0).getPathString());
+	}
+
+	public void testUnsupportedRequiredExtension() throws Exception {
+		final DirCache dc = new DirCache(pathOf("gitgit.index.aaaa"));
+		try {
+			dc.read();
+			fail("Cache loaded an unsupported extension");
+		} catch (CorruptObjectException err) {
+			assertEquals("DIRC extension 'aaaa'"
+					+ " not supported by this version.", err.getMessage());
+		}
+	}
+
+	public void testCorruptChecksumAtFooter() throws Exception {
+		final DirCache dc = new DirCache(pathOf("gitgit.index.badchecksum"));
+		try {
+			dc.read();
+			fail("Cache loaded despite corrupt checksum");
+		} catch (CorruptObjectException err) {
+			assertEquals("DIRC checksum mismatch", err.getMessage());
+		}
+	}
+
 	private static void assertEqual(final CGitIndexRecord c,
 			final DirCacheEntry j) {
 		assertNotNull(c);
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/dircache/DirCache.java b/org.eclipse.jgit/src/org/eclipse/jgit/dircache/DirCache.java
index ec0df23374fbca26b3d2b28f62a919e6166163e2..189787dd9e0166a8517dc81dc31025050731d00e 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/dircache/DirCache.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/dircache/DirCache.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2009, Google Inc.
+ * Copyright (C) 2008-2010, Google Inc.
  * Copyright (C) 2008, Shawn O. Pearce <spearce@spearce.org>
  * and other copyright owners as documented in the project's IP log.
  *
@@ -46,12 +46,14 @@
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
+import java.io.EOFException;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
-import java.nio.ByteBuffer;
+import java.io.UnsupportedEncodingException;
 import java.security.DigestOutputStream;
 import java.security.MessageDigest;
 import java.util.Arrays;
@@ -387,13 +389,20 @@ private void readFrom(final FileInputStream inStream) throws IOException,
 				//
 				break;
 			}
+
 			in.reset();
+			md.update(hdr, 0, 8);
+			IO.skipFully(in, 8);
 
+			long sz = NB.decodeUInt32(hdr, 4);
 			switch (NB.decodeInt32(hdr, 0)) {
 			case EXT_TREE: {
-				final byte[] raw = new byte[NB.decodeInt32(hdr, 4)];
-				md.update(hdr, 0, 8);
-				IO.skipFully(in, 8);
+				if (Integer.MAX_VALUE < sz) {
+					throw new CorruptObjectException("DIRC extension "
+							+ formatExtensionName(hdr) + " is too large at "
+							+ sz + " bytes.");
+				}
+				final byte[] raw = new byte[(int) sz];
 				IO.readFully(in, raw, 0, raw.length);
 				md.update(raw, 0, raw.length);
 				tree = new DirCacheTree(raw, new MutableInteger(), null);
@@ -403,18 +412,18 @@ private void readFrom(final FileInputStream inStream) throws IOException,
 				if (hdr[0] >= 'A' && hdr[0] <= 'Z') {
 					// The extension is optional and is here only as
 					// a performance optimization. Since we do not
-					// understand it, we can safely skip past it.
+					// understand it, we can safely skip past it, after
+					// we include its data in our checksum.
 					//
-					IO.skipFully(in, NB.decodeUInt32(hdr, 4));
+					skipOptionalExtension(in, md, hdr, sz);
 				} else {
 					// The extension is not an optimization and is
 					// _required_ to understand this index format.
 					// Since we did not trap it above we must abort.
 					//
-					throw new CorruptObjectException("DIRC extension '"
-							+ Constants.CHARSET.decode(
-									ByteBuffer.wrap(hdr, 0, 4)).toString()
-							+ "' not supported by this version.");
+					throw new CorruptObjectException("DIRC extension "
+							+ formatExtensionName(hdr)
+							+ " not supported by this version.");
 				}
 			}
 		}
@@ -425,6 +434,27 @@ private void readFrom(final FileInputStream inStream) throws IOException,
 		}
 	}
 
+	private void skipOptionalExtension(final InputStream in,
+			final MessageDigest md, final byte[] hdr, long sz)
+			throws IOException {
+		final byte[] b = new byte[4096];
+		while (0 < sz) {
+			int n = in.read(b, 0, (int) Math.min(b.length, sz));
+			if (n < 0) {
+				throw new EOFException("Short read of optional DIRC extension "
+						+ formatExtensionName(hdr) + "; expected another " + sz
+						+ " bytes within the section.");
+			}
+			md.update(b, 0, n);
+			sz -= n;
+		}
+	}
+
+	private static String formatExtensionName(final byte[] hdr)
+			throws UnsupportedEncodingException {
+		return "'" + new String(hdr, 0, 4, "ISO-8859-1") + "'";
+	}
+
 	private static boolean is_DIRC(final byte[] hdr) {
 		if (hdr.length < SIG_DIRC.length)
 			return false;