parsers: detect short records (SEC)
CVE-2016-3630 (2/2)
This addresses part of a vulnerability in binary delta application.
--- a/mercurial/mpatch.c Wed Mar 16 17:29:29 2016 -0700
+++ b/mercurial/mpatch.c Wed Mar 16 17:30:26 2016 -0700
@@ -215,10 +215,10 @@
lt->start = getbe32(bin + pos);
lt->end = getbe32(bin + pos + 4);
lt->len = getbe32(bin + pos + 8);
- if (lt->start > lt->end)
- break; /* sanity check */
lt->data = bin + pos + 12;
pos += 12 + lt->len;
+ if (lt->start > lt->end || lt->len < 0)
+ break; /* sanity check */
lt++;
}