Patchwork parsers: check for memory allocation overflows more carefully

Submitter Bryan O'Sullivan
Date April 6, 2015, 3:32 p.m.
Message ID <9dcbfb4734e11ac253e7.1428334338@bryano-mbp.local>
Permalink /patch/8510/
State Accepted

Comments

Bryan O'Sullivan - April 6, 2015, 3:32 p.m.
# HG changeset patch
# User Bryan O'Sullivan <bryano@fb.com>
# Date 1428333807 25200
#      Mon Apr 06 08:23:27 2015 -0700
# Node ID 9dcbfb4734e11ac253e7a43a233f4a545703faec
# Parent  8a6a86c9a5b58ccc020de1ff0429e72dfa5599fc
parsers: check for memory allocation overflows more carefully
Sean Farley - April 6, 2015, 4:23 p.m.
Bryan O'Sullivan <bos@serpentine.com> writes:

> # HG changeset patch
> # User Bryan O'Sullivan <bryano@fb.com>
> # Date 1428333807 25200
> #      Mon Apr 06 08:23:27 2015 -0700
> # Node ID 9dcbfb4734e11ac253e7a43a233f4a545703faec
> # Parent  8a6a86c9a5b58ccc020de1ff0429e72dfa5599fc
> parsers: check for memory allocation overflows more carefully
>
> diff --git a/mercurial/parsers.c b/mercurial/parsers.c
> --- a/mercurial/parsers.c
> +++ b/mercurial/parsers.c
> @@ -867,6 +867,11 @@ static int nt_find(indexObject *self, co
>  static int nt_new(indexObject *self)
>  {
>  	if (self->ntlength == self->ntcapacity) {
> +		if (self->ntcapacity >= INT_MAX / (sizeof(nodetree) * 2)) {
> +			PyErr_SetString(PyExc_MemoryError,
> +					"overflow in nt_new");

Small nit: this line break doesn't seem necessary?
Matt Mackall - April 6, 2015, 8:52 p.m.
On Mon, 2015-04-06 at 08:32 -0700, Bryan O'Sullivan wrote:
> # HG changeset patch
> # User Bryan O'Sullivan <bryano@fb.com>
> # Date 1428333807 25200
> #      Mon Apr 06 08:23:27 2015 -0700
> # Node ID 9dcbfb4734e11ac253e7a43a233f4a545703faec
> # Parent  8a6a86c9a5b58ccc020de1ff0429e72dfa5599fc
> parsers: check for memory allocation overflows more carefully

Queued for default, thanks.
Matt Mackall - April 6, 2015, 8:54 p.m.
On Mon, 2015-04-06 at 09:23 -0700, Sean Farley wrote:
> Bryan O'Sullivan <bos@serpentine.com> writes:
> 
> > # HG changeset patch
> > # User Bryan O'Sullivan <bryano@fb.com>
> > # Date 1428333807 25200
> > #      Mon Apr 06 08:23:27 2015 -0700
> > # Node ID 9dcbfb4734e11ac253e7a43a233f4a545703faec
> > # Parent  8a6a86c9a5b58ccc020de1ff0429e72dfa5599fc
> > parsers: check for memory allocation overflows more carefully
> >
> > diff --git a/mercurial/parsers.c b/mercurial/parsers.c
> > --- a/mercurial/parsers.c
> > +++ b/mercurial/parsers.c
> > @@ -867,6 +867,11 @@ static int nt_find(indexObject *self, co
> >  static int nt_new(indexObject *self)
> >  {
> >  	if (self->ntlength == self->ntcapacity) {
> > +		if (self->ntcapacity >= INT_MAX / (sizeof(nodetree) * 2)) {
> > +			PyErr_SetString(PyExc_MemoryError,
> > +					"overflow in nt_new");

It is in fact just wide enough without the break to go over 80.

Patch

diff --git a/mercurial/parsers.c b/mercurial/parsers.c
--- a/mercurial/parsers.c
+++ b/mercurial/parsers.c
@@ -867,6 +867,11 @@  static int nt_find(indexObject *self, co
 static int nt_new(indexObject *self)
 {
 	if (self->ntlength == self->ntcapacity) {
+		if (self->ntcapacity >= INT_MAX / (sizeof(nodetree) * 2)) {
+			PyErr_SetString(PyExc_MemoryError,
+					"overflow in nt_new");
+			return -1;
+		}
 		self->ntcapacity *= 2;
 		self->nt = realloc(self->nt,
 				   self->ntcapacity * sizeof(nodetree));
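Review bot: the new guard at the top of the `if (self->ntlength == self->ntcapacity)` block compares `self->ntcapacity` with `INT_MAX / (sizeof(nodetree) * 2)`, and the right-hand side has type size_t because of the sizeof, so a signed capacity is converted to unsigned for the comparison. An explicit cast plus a one-line comment saying the bound protects the doubled `self->ntcapacity * sizeof(nodetree)` passed to realloc below would make the intent obvious. Separately, in the unchanged context lines the capacity is doubled before realloc is known to succeed and the result is assigned straight to `self->nt`. Unless the code after this hunk handles that case, a failed realloc loses the old pointer and leaves ntcapacity describing a buffer that was never allocated. Reallocating into a temporary and updating both fields only on success avoids that.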
@@ -928,7 +933,7 @@  static int nt_insert(indexObject *self, 
 static int nt_init(indexObject *self)
 {
 	if (self->nt == NULL) {
-		if (self->raw_length > INT_MAX) {
+		if (self->raw_length > INT_MAX / sizeof(nodetree)) {
 			PyErr_SetString(PyExc_ValueError, "overflow in nt_init");
 			return -1;
 		}
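Review bot: the guard in nt_init uses `>` and raises ValueError, while the guard this patch adds in nt_new uses `>=` and raises MemoryError for the same kind of size overflow. Unless the difference is deliberate, use the same comparison and exception type in both places, or add a comment explaining why they differ. The hunk also does not show which multiplication this bound protects, so a short comment naming the allocation that follows would let the next reader confirm that `INT_MAX / sizeof(nodetree)` is the right limit for `self->raw_length`.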