changeset 40775:959130631de3

revlog: properly detect corrupted revlog in `index_get_length` Pointed out by Yuya Nishihara.
author Boris Feld <boris.feld@octobus.net>
date Mon, 26 Nov 2018 00:21:09 +0100
parents 30d878cb102d
children 8edca70dc951
files mercurial/cext/revlog.c
diffstat 1 files changed, 8 insertions(+), 1 deletions(-) [+]
--- a/mercurial/cext/revlog.c	Mon Nov 26 00:15:12 2018 +0100
+++ b/mercurial/cext/revlog.c	Mon Nov 26 00:21:09 2018 +0100
@@ -242,7 +242,14 @@
 		return (int)ret;
 	} else {
 		const char *data = index_deref(self, rev);
-		return (int)getbe32(data + 8);
+		int tmp = (int)getbe32(data + 8);
+		if (tmp < 0) {
+			PyErr_Format(PyExc_OverflowError,
+			             "revlog entry size out of bound (%d)",
+			             tmp);
+			return -1;
+		}
+		return tmp;
 	}
 }
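Review bot: The new `tmp < 0` test catches an oversized length only because `(int)getbe32(data + 8)` turns an out-of-range unsigned value into a negative int, which is implementation-defined in C. The error message then reports that wrapped negative number rather than the length actually stored in the index. Assuming `getbe32` returns a `uint32_t`, keeping the value unsigned makes the bound explicit: `uint32_t tmp = getbe32(data + 8);` then `if (tmp > (uint32_t)INT_MAX)`, with `%u` in the format string and `return (int)tmp;` at the end. The pointer from `index_deref(self, rev)` is also read without a NULL test in this branch; if that helper can fail on a truncated or corrupted index (its body is not in this hunk), an `if (data == NULL) return -1;` guard belongs before the read. The enclosing function begins above the hunk, so how callers treat the -1 return is not visible here.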