changeset 41016:5c68b617ba24
parsers: better bounds checking in fm1readmarkers
Our Python already calls this with reasonable values consistently, but
my upcoming fuzzer is extremely quick to discover the lack of sanity
checking here.
Differential Revision: https://phab.mercurial-scm.org/D5464
author | Augie Fackler <augie@google.com> |
---|---|
date | Thu, 20 Dec 2018 01:26:39 -0500 |
parents | b444407f635b |
children | 6a951f535fee |
files | mercurial/cext/parsers.c |
diffstat | 1 files changed, 11 insertions(+), 0 deletions(-) |
--- a/mercurial/cext/parsers.c Wed Dec 19 23:48:35 2018 -0500 +++ b/mercurial/cext/parsers.c Thu Dec 20 01:26:39 2018 -0500 @@ -572,6 +572,17 @@ &offset, &stop)) { return NULL; } + if (offset < 0) { + PyErr_SetString(PyExc_ValueError, + "invalid negative offset in fm1readmarkers"); + return NULL; + } + if (stop > datalen) { + PyErr_SetString( + PyExc_ValueError, + "stop longer than data length in fm1readmarkers"); + return NULL; + } dataend = data + datalen; data += offset; markers = PyList_New(0);
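
Review bot: the upper bound is applied only to `stop`; right after the new checks, `data += offset` runs with `offset` validated solely against being negative, so an `offset` larger than `datalen` still moves `data` past `dataend`. Consider rejecting `offset > stop` as well, and a negative `stop`, with the same `ValueError`, so that both values are tied to `datalen` before any pointer arithmetic, unless the code below this hunk already guards those cases. A regression test calling fm1readmarkers with a negative offset and an oversized stop would pin down the two new error paths.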