Mercurial > hg
comparison mercurial/mpatch.c @ 28656:b6ed2505d6cf stable
parsers: fix list sizing rounding error (SEC)
CVE-2016-3630 (1/2)
This addresses part of a vulnerability in application of binary
deltas.
author | Matt Mackall <mpm@selenic.com> |
---|---|
date | Wed, 16 Mar 2016 17:29:29 -0700 |
parents | 09e41ac6289d |
children | b9714d958e89 |
comparison
equal
deleted
inserted
replaced
28632:a2c2dd399f3b | 28656:b6ed2505d6cf |
---|---|
203 struct flist *l; | 203 struct flist *l; |
204 struct frag *lt; | 204 struct frag *lt; |
205 int pos = 0; | 205 int pos = 0; |
206 | 206 |
207 /* assume worst case size, we won't have many of these lists */ | 207 /* assume worst case size, we won't have many of these lists */ |
208 l = lalloc(len / 12); | 208 l = lalloc(len / 12 + 1); |
209 if (!l) | 209 if (!l) |
210 return NULL; | 210 return NULL; |
211 | 211 |
212 lt = l->tail; | 212 lt = l->tail; |
213 | 213 |