# HG changeset patch
# User Benoit Boissinot
# Date 1224440981 -7200
# Node ID 14848fc8e26cb275c650ef66b19b7d342700c0fd
# Parent 5d8626b2c1db59b70edf92010c8dcc34053f3ffd
# Parent 37dd322adc81c2f02b0f301df67077a5d571dc21
merge with crew
diff -r 37dd322adc81 -r 14848fc8e26c mercurial/parsers.c
--- a/mercurial/parsers.c Sun Oct 19 19:10:26 2008 +0200
+++ b/mercurial/parsers.c Sun Oct 19 20:29:41 2008 +0200
@@ -164,7 +164,8 @@
 PyObject *dmap, *cmap, *parents = NULL, *ret = NULL;
 PyObject *fname = NULL, *cname = NULL, *entry = NULL;
 char *str, *cur, *end, *cpos;
- int state, mode, size, mtime, flen;
+ int state, mode, size, mtime;
+ unsigned int flen;
 int len;
 char decode[16]; /* for alignment */

@@ -195,13 +196,15 @@
 mtime = ntohl(*(uint32_t *)(decode + 8));
 flen = ntohl(*(uint32_t *)(decode + 12));
 cur += 17;
- if (cur + flen > end)
+ if (flen > end - cur) {
+ PyErr_SetString(PyExc_ValueError, "overflow in dirstate");
 goto quit;
+ }

 entry = Py_BuildValue("ciii", state, mode, size, mtime);
- PyObject_GC_UnTrack(entry); /* don't waste time with this */
 if (!entry)
 goto quit;
+ PyObject_GC_UnTrack(entry); /* don't waste time with this */

 cpos = memchr(cur, 0, flen);
 if (cpos) {
@@ -295,6 +298,8 @@
 char decode[64]; /* to enforce alignment with inline data */

 while (data < end) {
+ unsigned int step;
+
 memcpy(decode, data, 64);
 offset_flags = ntohl(*((uint32_t *) (decode + 4)));
 if (n == 0) /* mask out version number for the first entry */
@@ -327,10 +332,13 @@
 } else
 PyList_SET_ITEM(index, n, entry); /* steals reference */

- data += 64 + (inlined ? comp_len : 0);
 n++;
+ step = 64 + (inlined ? comp_len : 0);
+ if (end - data < step)
+ break;
+ data += step;
 }
- if (data > end) {
+ if (data != end) {
 if (!PyErr_Occurred())
 PyErr_SetString(PyExc_ValueError, "corrupt index file");
 return 0;
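Review bot: The new bound `flen > end - cur` in the dirstate loop compares an `unsigned int` (the type `flen` gets in the first hunk) with a signed pointer difference, so it is only correct if `end - cur` cannot be negative after `cur += 17`. The loop guard that would establish this is outside the hunk; if it only ensures `cur < end`, then on a platform where `ptrdiff_t` is no wider than `unsigned int` a negative difference converts to a large unsigned value and the check passes. Stating the invariant in the test removes that dependence, e.g. `if (end - cur < 0 || flen > (size_t)(end - cur)) {`, or, if the guard already guarantees it, a comment such as `/* loop guard ensures cur + 17 <= end */` above the check. The enclosing function starts and ends outside this hunk.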
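Review bot: `memcpy(decode, data, 64)` at the top of the index loop still runs whenever `data < end`, so when fewer than 64 bytes remain the copy reads past `end`. The step check added further down in this commit bounds how far `data` advances, not this read. A guard placed before the copy, `if (end - data < 64) break;`, would send a truncated trailing record to the `data != end` error path. This assumes the buffer length is not validated earlier in the function, which starts outside the hunk.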
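Review bot: `step = 64 + (inlined ? comp_len : 0)` stores the sum in an `unsigned int` without range-checking `comp_len`, whose declaration and decoding are outside this hunk. If `comp_len` is a signed `int` taken from the index data, a negative value wraps on conversion, so `step` can end up below 64 or equal to 0. With a zero step `end - data < step` is never true, `data` does not advance and the loop keeps appending entries. Rejecting the value first, `if (inlined && comp_len < 0) break;`, and then computing `step = 64 + (inlined ? (unsigned int)comp_len : 0);` routes such an entry to the existing "corrupt index file" error and keeps the addition in unsigned arithmetic.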