Mercurial > hg

changeset 27226:f5e8cb813a4d stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
parsers: fix parse_dirstate to check len before unpacking header (issue4979)
author Yuya Nishihara <yuya@tcha.org>
date Wed, 02 Dec 2015 23:04:58 +0900
parents 7e1fac6c0a9c
children f20533623833
files mercurial/parsers.c
diffstat 1 files changed, 5 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/parsers.c	Tue Dec 01 20:18:28 2015 -0600
+++ b/mercurial/parsers.c	Wed Dec 02 23:04:58 2015 +0900
@@ -493,6 +493,11 @@
 
 	/* read filenames */
 	while (pos >= 40 && pos < len) {
+		if (pos + 17 > len) {
+			PyErr_SetString(PyExc_ValueError,
+					"overflow in dirstate");
+			goto quit;
+		}
 		cur = str + pos;
 		/* unpack header */
 		state = *cur;