comparison mercurial/cext/dirs.c @ 40457:9cdd525d97b2 stable

revlog: fix out-of-bounds access by negative parents read from revlog (SEC)

82d6a35cf432 wasn't enough. Several callers don't check negative revisions but for -1 (nullrev), which would directly lead to out-of-bounds read, and buffer overflow could follow. RCE might be doable with carefully crafted revlog structure, though I don't think this would be a useful attack surface.
author Yuya Nishihara <yuya@tcha.org>
date Thu, 01 Nov 2018 20:32:59 +0900
parents b90e8da190da
children d8e55c0c642c
comparison
40456:44c2e80db985 40457:9cdd525d97b2
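The class of check the commit message describes, as an added example that is not Mercurial's code: every parent value decoded from untrusted on-disk data is validated as either nullrev or a real index before it is used to index an array. The 8-byte `(p1, p2)` table layout, the function names and the sample tables are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define NULLREV (-1) /* the one negative value that means "no parent" */

/* Decode a big-endian signed 32-bit field (portable sign handling). */
static int32_t read_be32(const unsigned char *p)
{
	uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	             ((uint32_t)p[2] << 8) | (uint32_t)p[3];
	return (v & 0x80000000u) ? -(int32_t)(~v) - 1 : (int32_t)v;
}

/* A parent is usable only if it is nullrev or an index in [0, nrevs). */
static int parent_in_range(int32_t rev, size_t nrevs)
{
	return rev == NULLREV || (rev >= 0 && (size_t)rev < nrevs);
}

/* Count children per revision from a table of (p1, p2) pairs, 8 bytes per
 * revision. Returns 0 on success, -1 on a corrupt entry (counts unspecified). */
static int count_children(const unsigned char *tbl, size_t nrevs, int *counts)
{
	size_t rev, i;
	for (rev = 0; rev < nrevs; rev++)
		counts[rev] = 0;
	for (rev = 0; rev < nrevs; rev++) {
		for (i = 0; i < 2; i++) {
			int32_t p = read_be32(tbl + rev * 8 + i * 4);
			if (!parent_in_range(p, nrevs))
				return -1; /* e.g. -2 would index before counts[0] */
			if (p != NULLREV)
				counts[p]++;
		}
	}
	return 0;
}

/* Constructed sample tables, three revisions each. */
static const unsigned char good_tbl[24] = { /* (-1,-1) (0,-1) (1,0) */
	255,255,255,255, 255,255,255,255, 0,0,0,0, 255,255,255,255, 0,0,0,1, 0,0,0,0 };
static const unsigned char bad_tbl[24] = {  /* (-1,-1) (-2,-1) (1,0) */
	255,255,255,255, 255,255,255,255, 255,255,255,254, 255,255,255,255, 0,0,0,1, 0,0,0,0 };

int main(void)
{
	int c[3], ok = count_children(good_tbl, 3, c), bad = count_children(bad_tbl, 3, c);
	printf("good table: %d, corrupt table: %d\n", ok, bad);
	return 0;
}
```

A check that only tests `p != NULLREV` before indexing would accept the `-2` in the second table, which is the gap the commit message says several callers had.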