diff mercurial/cext/parsers.c @ 41016:5c68b617ba24

parsers: better bounds checking in fm1readmarkers Our Python already calls this with reasonable values consistently, but my upcoming fuzzer is extremely quick to discover the lack of sanity checking here. Differential Revision: https://phab.mercurial-scm.org/D5464
author Augie Fackler <augie@google.com>
date Thu, 20 Dec 2018 01:26:39 -0500
parents 55d6d0ff703b
children 763b45bc4483
--- a/mercurial/cext/parsers.c	Wed Dec 19 23:48:35 2018 -0500
+++ b/mercurial/cext/parsers.c	Thu Dec 20 01:26:39 2018 -0500
@@ -572,6 +572,17 @@
 	                      &offset, &stop)) {
 		return NULL;
 	}
+	if (offset < 0) {
+		PyErr_SetString(PyExc_ValueError,
+		                "invalid negative offset in fm1readmarkers");
+		return NULL;
+	}
+	if (stop > datalen) {
+		PyErr_SetString(
+		    PyExc_ValueError,
+		    "stop longer than data length in fm1readmarkers");
+		return NULL;
+	}
 	dataend = data + datalen;
 	data += offset;
 	markers = PyList_New(0);
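Review bot: `offset` is still unbounded above after the added checks, so `data += offset` just below them can form a pointer beyond `dataend` when a caller passes an offset larger than `datalen`; a negative `stop` is likewise accepted. Tightening the first guard to `if (offset < 0 || offset > datalen) {`, with the message reworded to cover both cases, would close the pointer-arithmetic gap, and an `offset > stop` check in the same ValueError style would reject inverted ranges. Whether the parsing loop later bounds its reads by `stop` or by `dataend` is not visible here, because fm1readmarkers starts and ends outside the hunk, so the practical impact should be confirmed against that loop. A short comment above the checks, e.g. `/* offset/stop come from the caller; reject values outside [0, datalen] */`, would also record why they exist.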