Mercurial > hg
comparison tests/test-revlog.t @ 28656:b6ed2505d6cf stable
parsers: fix list sizing rounding error (SEC)
CVE-2016-3630 (1/2)
This addresses part of a vulnerability in application of binary
deltas.
| author | Matt Mackall <mpm@selenic.com> |
|---|---|
| date | Wed, 16 Mar 2016 17:29:29 -0700 |
| parents | |
| children | f736f98e16ca |
comparison
equal
deleted
inserted
replaced
| 28632:a2c2dd399f3b | 28656:b6ed2505d6cf |
|---|---|
| 1 Test for CVE-2016-3630 | |
| 2 | |
| 3 $ hg init | |
| 4 | |
| 5 >>> open("a.i", "w").write( | |
| 6 ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD | |
| 7 ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA==""" | |
| 8 ... .decode("base64").decode("zlib")) | |
| 9 | |
| 10 $ hg debugindex a.i | |
| 11 rev offset length delta linkrev nodeid p1 p2 | |
| 12 0 0 19 -1 2 99e0332bd498 000000000000 000000000000 | |
| 13 1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000 | |
| 14 $ hg debugdata a.i 1 2>&1 | grep decoded | |
| 15 mpatch.mpatchError: patch cannot be decoded |