changeset 41016:5c68b617ba24

parsers: better bounds checking in fm1readmarkers

Our Python already calls this with reasonable values consistently, but my upcoming fuzzer is extremely quick to discover the lack of sanity checking here.

Differential Revision: https://phab.mercurial-scm.org/D5464
author Augie Fackler <augie@google.com>
date Thu, 20 Dec 2018 01:26:39 -0500
parents b444407f635b
children 6a951f535fee
files mercurial/cext/parsers.c
diffstat 1 files changed, 11 insertions(+), 0 deletions(-)
--- a/mercurial/cext/parsers.c	Wed Dec 19 23:48:35 2018 -0500
+++ b/mercurial/cext/parsers.c	Thu Dec 20 01:26:39 2018 -0500
@@ -572,6 +572,17 @@
 	                      &offset, &stop)) {
 		return NULL;
 	}
+	if (offset < 0) {
+		PyErr_SetString(PyExc_ValueError,
+		                "invalid negative offset in fm1readmarkers");
+		return NULL;
+	}
+	if (stop > datalen) {
+		PyErr_SetString(
+		    PyExc_ValueError,
+		    "stop longer than data length in fm1readmarkers");
+		return NULL;
+	}
 	dataend = data + datalen;
 	data += offset;
 	markers = PyList_New(0);
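Review bot: The new checks bound offset from below and stop from above, but nothing bounds offset from above before `data += offset`, so an offset larger than datalen still moves data past dataend. Unless the code below this hunk already guarantees that nothing is read when offset is not less than stop, consider also rejecting `offset > stop` (which, together with the `stop > datalen` check, implies offset <= datalen), and rejecting a negative stop for symmetry with the offset check. The two error messages could also include the offending values to make fuzzer findings easier to triage. The diffstat shows only parsers.c changing, so a small regression test that calls fm1readmarkers with a negative offset and an oversized stop and expects ValueError would keep these checks from regressing.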