From patchwork Tue Nov 5 23:41:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: D7234: dirs: reject consecutive slashes in paths From: phabricator X-Patchwork-Id: 42759 Message-Id: To: Phabricator Cc: mercurial-devel@mercurial-scm.org Date: Tue, 5 Nov 2019 23:41:25 +0000 durin42 created this revision. Herald added a subscriber: mercurial-devel. Herald added a reviewer: hg-reviewers. REVISION SUMMARY We shouldn't ever see those, and the fuzzer go really excited that if it gives us a 65k string with 55k slashes in it we use a lot of RAM. This is a better fix than what I tried in D7105 . It was suggested by Yuya, and I verified it does in fact cause the fuzzer to not OOM. REPOSITORY rHG Mercurial REVISION DETAIL https://phab.mercurial-scm.org/D7234 AFFECTED FILES mercurial/cext/dirs.c CHANGE DETAILS To: durin42, #hg-reviewers Cc: mercurial-devel diff --git a/mercurial/cext/dirs.c b/mercurial/cext/dirs.c --- a/mercurial/cext/dirs.c +++ b/mercurial/cext/dirs.c @@ -66,6 +66,11 @@ while ((pos = _finddir(cpath, pos - 1)) != -1) { PyObject *val; + // Sniff for trailing slashes, a marker of an invalid input. + if (cpath[pos] == '/') { + goto bail; + } + key = PyBytes_FromStringAndSize(cpath, pos); if (key == NULL) goto bail;