changeset 24623:2262d7bc469e

parsers: check for memory allocation overflows more carefully
author Bryan O'Sullivan <bryano@fb.com>
date Mon, 06 Apr 2015 08:23:27 -0700
parents 1e05f11619bb
children 6f0e6fa9fdd7
files mercurial/parsers.c
diffstat 1 files changed, 6 insertions(+), 1 deletions(-) [+]
--- a/mercurial/parsers.c	Sat Apr 04 11:27:15 2015 +0200
+++ b/mercurial/parsers.c	Mon Apr 06 08:23:27 2015 -0700
@@ -1319,6 +1319,11 @@
 static int nt_new(indexObject *self)
 {
 	if (self->ntlength == self->ntcapacity) {
+		if (self->ntcapacity >= INT_MAX / (sizeof(nodetree) * 2)) {
+			PyErr_SetString(PyExc_MemoryError,
+					"overflow in nt_new");
+			return -1;
+		}
 		self->ntcapacity *= 2;
 		self->nt = realloc(self->nt,
 				   self->ntcapacity * sizeof(nodetree));
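Review bot: The grow path still commits to the new size before the allocation is known to succeed. `self->ntcapacity *= 2` runs first and `self->nt = realloc(self->nt, ...)` overwrites the only pointer to the old array, so a failed realloc leaks the old block and leaves ntcapacity describing a buffer that does not exist. The added overflow guard makes the size arithmetic safe but does not change this. Allocating into a temporary and updating `self->nt` and `self->ntcapacity` only after the NULL check keeps the object consistent on the error path. The rest of nt_new, including any failure handling after the realloc, is outside the hunk, so the sketch below would replace whatever NULL check exists there.

```c
	if (self->ntlength == self->ntcapacity) {
		nodetree *newnt;
		/* … unchanged: INT_MAX overflow guard … */
		newnt = realloc(self->nt,
				self->ntcapacity * 2 * sizeof(nodetree));
		if (newnt == NULL) {
			PyErr_SetString(PyExc_MemoryError, "out of memory");
			return -1;
		}
		self->nt = newnt;
		self->ntcapacity *= 2;
```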
@@ -1380,7 +1385,7 @@
 static int nt_init(indexObject *self)
 {
 	if (self->nt == NULL) {
-		if (self->raw_length > INT_MAX) {
+		if (self->raw_length > INT_MAX / sizeof(nodetree)) {
 			PyErr_SetString(PyExc_ValueError, "overflow in nt_init");
 			return -1;
 		}
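Review bot: This overflow check raises `PyExc_ValueError`, while the equivalent check added to nt_new in the first hunk raises `PyExc_MemoryError`, so a caller that handles one will miss the other. Picking one exception type for both would be clearer. The comparison also relies on implicit conversion: `INT_MAX / sizeof(nodetree)` has type size_t, so if raw_length is a signed type (its declaration is not visible here), a negative value is converted to a large unsigned one and rejected. That looks intended but is not stated. A comment such as `/* sizes are kept below INT_MAX bytes; a negative raw_length also fails this test after conversion to size_t */` would record it. nt_init continues past the end of the hunk.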