Mercurial > hg
diff mercurial/cext/parsers.c @ 40812:9cdd525d97b2 stable
revlog: fix out-of-bounds access by negative parents read from revlog (SEC)
82d6a35cf432 wasn't enough. Several callers don't check negative revisions
but for -1 (nullrev), which would directly lead to out-of-bounds read, and
buffer overflow could follow. RCE might be doable with carefully crafted
revlog structure, though I don't think this would be useful attack surface.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Thu, 01 Nov 2018 20:32:59 +0900 |
parents | 481db51c83e9 |
children | f2342483f7a6 |