Mercurial Mercurial > hg / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mercurial/cext/revlog.c
changeset 41078 46e0563c67db
parent 41052 4c25038c112c
parent 41018 f4113489e4d4
child 41085 a6556b09bf83 
--- a/mercurial/cext/revlog.c	Thu Dec 27 15:19:46 2018 -0800
+++ b/mercurial/cext/revlog.c	Sun Dec 30 17:31:57 2018 +0900
@@ -967,6 +967,7 @@
 static inline int index_baserev(indexObject *self, int rev)
 {
 	const char *data;
+	int result;
 
 	if (rev >= self->length) {
 		PyObject *tuple =
@@ -975,15 +976,23 @@
 		if (!pylong_to_long(PyTuple_GET_ITEM(tuple, 3), &ret)) {
 			return -2;
 		}
-		return (int)ret;
+		result = (int)ret;
 	} else {
 		data = index_deref(self, rev);
 		if (data == NULL) {
 			return -2;
 		}
 
-		return getbe32(data + 16);
+		result = getbe32(data + 16);
 	}
+	if (result > rev) {
+		PyErr_Format(
+		    PyExc_ValueError,
+		    "corrupted revlog, revision base above revision: %d, %d",
+		    rev, result);
+		return -2;
+	}
+	return result;
 }
 
 static PyObject *index_deltachain(indexObject *self, PyObject *args)
Mercurial