Submitter | Yuya Nishihara |
---|---|
Date | Dec. 2, 2015, 3:01 p.m. |
Message ID | <f5e8cb813a4d5c0665c7.1449068515@mimosa> |
Permalink | /patch/11745/ |
State | Accepted |
Comments
On Thu, Dec 03, 2015 at 12:01:55AM +0900, Yuya Nishihara wrote: > # HG changeset patch > # User Yuya Nishihara <yuya@tcha.org> > # Date 1449065098 -32400 > # Wed Dec 02 23:04:58 2015 +0900 > # Branch stable > # Node ID f5e8cb813a4d5c0665c7e144d96810b4763c42d1 > # Parent 7e1fac6c0a9ce6afd3edeed5e47bcca343155d8a > parsers: fix parse_dirstate to check len before unpacking header (issue4979) Sure, queued for stable since it's such a trivial crasher fix. > > diff --git a/mercurial/parsers.c b/mercurial/parsers.c > --- a/mercurial/parsers.c > +++ b/mercurial/parsers.c > @@ -493,6 +493,11 @@ static PyObject *parse_dirstate(PyObject > > /* read filenames */ > while (pos >= 40 && pos < len) { > + if (pos + 17 > len) { > + PyErr_SetString(PyExc_ValueError, > + "overflow in dirstate"); > + goto quit; > + } > cur = str + pos; > /* unpack header */ > state = *cur; > _______________________________________________ > Mercurial-devel mailing list > Mercurial-devel@selenic.com > https://selenic.com/mailman/listinfo/mercurial-devel
Patch
diff --git a/mercurial/parsers.c b/mercurial/parsers.c --- a/mercurial/parsers.c +++ b/mercurial/parsers.c @@ -493,6 +493,11 @@ static PyObject *parse_dirstate(PyObject /* read filenames */ while (pos >= 40 && pos < len) { + if (pos + 17 > len) { + PyErr_SetString(PyExc_ValueError, + "overflow in dirstate"); + goto quit; + } cur = str + pos; /* unpack header */ state = *cur;
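Review bot: The new guard `if (pos + 17 > len)` uses a bare literal and an addition that could in principle wrap; the types of `pos` and `len` are not visible in this hunk, so the safer form is `if (len - pos < 17)`, which cannot wrap because the loop condition already guarantees `pos < len`. The 17 should also be tied to what it measures, for example with a named constant or a short comment next to `/* unpack header */` stating that it is the fixed size of the entry header read below. Separately, "overflow in dirstate" describes a truncated entry rather than an overflow, so a message that says the header is truncated would make the resulting ValueError easier to diagnose.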