Mercurial > hg-stable
changeset 40775:959130631de3
revlog: properly detect corrupted revlog in `index_get_length`
Pointed out by Yuya Nishihara.
author | Boris Feld <boris.feld@octobus.net> |
---|---|
date | Mon, 26 Nov 2018 00:21:09 +0100 |
parents | 30d878cb102d |
children | 8edca70dc951 |
files | mercurial/cext/revlog.c |
diffstat | 1 files changed, 8 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/cext/revlog.c Mon Nov 26 00:15:12 2018 +0100 +++ b/mercurial/cext/revlog.c Mon Nov 26 00:21:09 2018 +0100 @@ -242,7 +242,14 @@ return (int)ret; } else { const char *data = index_deref(self, rev); - return (int)getbe32(data + 8); + int tmp = (int)getbe32(data + 8); + if (tmp < 0) { + PyErr_Format(PyExc_OverflowError, + "revlog entry size out of bound (%d)", + tmp); + return -1; + } + return tmp; } }