parsers: fix list sizing rounding error (SEC)
CVE-2016-3630 (1/2)
This addresses part of a vulnerability in application of binary
deltas.
Test for CVE-2016-3630
$ hg init
>>> open("a.i", "w").write(
... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
... .decode("base64").decode("zlib"))
$ hg debugindex a.i
rev offset length delta linkrev nodeid p1 p2
0 0 19 -1 2 99e0332bd498 000000000000 000000000000
1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000
$ hg debugdata a.i 1 2>&1 | grep decoded
mpatch.mpatchError: patch cannot be decoded