comparison mercurial/cext/dirs.c @ 40457:9cdd525d97b2 stable
revlog: fix out-of-bounds access by negative parents read from revlog (SEC)
82d6a35cf432 wasn't enough. Several callers don't check negative revisions
but for -1 (nullrev), which would directly lead to out-of-bounds read, and
buffer overflow could follow. RCE might be doable with carefully crafted
revlog structure, though I don't think this would be a useful attack surface.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Thu, 01 Nov 2018 20:32:59 +0900 |
parents | b90e8da190da |
children | d8e55c0c642c |
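
The bug class the commit message describes, as an added example that is not Mercurial's code: a parent revision read from index data is used as an array index after being compared only against -1 (nullrev), next to a range check that rejects the entry first. `struct entry`, `get_parents`, `mark_ancestors` and the sample index are hypothetical and constructed for illustration; the rule that a parent must precede its child is this example's assumption.

```c
#include <stdio.h>
#define NULLREV (-1)
struct entry { int p1, p2; }; /* constructed stand-in for an index entry */

/* Weak check: only nullrev is filtered, so -5 still counts as an index. */
static int weak_is_indexable(int p) { return p != NULLREV; }

/* Strict check. Assumption of this example: parents precede their child. */
static int parent_in_range(int p, int rev) { return p >= NULLREV && p < rev; }

/* Fetch the parents of rev; -1 means the entry must not be trusted. */
static int get_parents(const struct entry *idx, int len, int rev, int ps[2])
{
    if (rev < 0 || rev >= len || !parent_in_range(idx[rev].p1, rev) ||
        !parent_in_range(idx[rev].p2, rev))
        return -1;
    ps[0] = idx[rev].p1;
    ps[1] = idx[rev].p2;
    return 0;
}

/* Count rev and its ancestors, marking them in seen[] (len zeroed bytes). */
static int mark_ancestors(const struct entry *idx, int len, int rev,
                          unsigned char *seen)
{
    int count = 0, ps[2];
    if (rev < 0 || rev >= len)
        return -1;
    seen[rev] = 1;
    for (int r = rev; r >= 0; r--) {
        if (!seen[r])
            continue;
        count++;
        if (get_parents(idx, len, r, ps) < 0)
            return -1; /* corrupt entry: stop before indexing with it */
        for (int i = 0; i < 2; i++)
            if (ps[i] != NULLREV)
                seen[ps[i]] = 1; /* in bounds: 0 <= ps[i] < r */
    }
    return count;
}

int main(void)
{
    struct entry bad[] = {{-1, -1}, {0, -5}, {1, -1}}; /* constructed, corrupt */
    unsigned char seen[3] = {0};
    printf("weak check accepts -5: %d, strict walk: %d\n",
           weak_is_indexable(-5), mark_ancestors(bad, 3, 2, seen));
    return 0;
}
```
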
comparison
40456:44c2e80db985 | 40457:9cdd525d97b2 |
---|