Mercurial > hg
comparison mercurial/mpatch.c @ 28656:b6ed2505d6cf stable
parsers: fix list sizing rounding error (SEC)
CVE-2016-3630 (1/2)
This addresses part of a vulnerability in application of binary
deltas.
| author | Matt Mackall <mpm@selenic.com> |
|---|---|
| date | Wed, 16 Mar 2016 17:29:29 -0700 |
| parents | 09e41ac6289d |
| children | b9714d958e89 |
comparison
equal
deleted
inserted
replaced
| 28632:a2c2dd399f3b | 28656:b6ed2505d6cf |
|---|---|
| 203 struct flist *l; | 203 struct flist *l; |
| 204 struct frag *lt; | 204 struct frag *lt; |
| 205 int pos = 0; | 205 int pos = 0; |
| 206 | 206 |
| 207 /* assume worst case size, we won't have many of these lists */ | 207 /* assume worst case size, we won't have many of these lists */ |
| 208 l = lalloc(len / 12); | 208 l = lalloc(len / 12 + 1); |
| 209 if (!l) | 209 if (!l) |
| 210 return NULL; | 210 return NULL; |
| 211 | 211 |
| 212 lt = l->tail; | 212 lt = l->tail; |
| 213 | 213 |