Patchwork D7234: dirs: reject consecutive slashes in paths

login
register
mail settings
Submitter phabricator
Date Nov. 5, 2019, 11:41 p.m.
Message ID <differential-rev-PHID-DREV-vyobhbt6qjndkmydowc6-req@mercurial-scm.org>
Download mbox | patch
Permalink /patch/42759/
State Superseded
Headers show

Comments

phabricator - Nov. 5, 2019, 11:41 p.m.
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REVISION SUMMARY
  We shouldn't ever see those, and the fuzzer go really excited that if
  it gives us a 65k string with 55k slashes in it we use a lot of RAM.
  
  This is a better fix than what I tried in D7105 <https://phab.mercurial-scm.org/D7105>. It was suggested by
  Yuya, and I verified it does in fact cause the fuzzer to not OOM.

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D7234

AFFECTED FILES
  mercurial/cext/dirs.c

CHANGE DETAILS




To: durin42, #hg-reviewers
Cc: mercurial-devel
phabricator - Nov. 6, 2019, 3:53 a.m.
indygreg added a comment.


  I had to drop this from `hg-committed` because Python 3 was not amused:
  
  `SystemError: <method 'addpath' of 'parsers.dirs' objects> returned NULL without setting an error`
  
  PTAL @durin42

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D7234/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D7234

To: durin42, #hg-reviewers, indygreg
Cc: mercurial-devel

Patch

diff --git a/mercurial/cext/dirs.c b/mercurial/cext/dirs.c
--- a/mercurial/cext/dirs.c
+++ b/mercurial/cext/dirs.c
@@ -66,6 +66,11 @@ 
 	while ((pos = _finddir(cpath, pos - 1)) != -1) {
 		PyObject *val;
 
+		// Sniff for trailing slashes, a marker of an invalid input.
+		if (cpath[pos] == '/') {
+			goto bail;
+		}
+
 		key = PyBytes_FromStringAndSize(cpath, pos);
 		if (key == NULL)
 			goto bail;