changeset 38189:faa924469635 stable
mpatch: ensure fragment start isn't past the end of orig (SEC)
Caught by oss-fuzz fuzzer during development.
This defect is OVE-20180430-0004. A CVE has not been obtained as of
this writing.
author | Augie Fackler <augie@google.com> |
---|---|
date | Sat, 28 Apr 2018 10:09:12 -0400 |
parents | 1acfc35d478c |
children | 1ec4cb8cbc87 |
files | mercurial/mpatch.c |
diffstat | 1 files changed, 2 insertions(+), 1 deletions(-) |
--- a/mercurial/mpatch.c Sat Apr 28 02:04:56 2018 -0400 +++ b/mercurial/mpatch.c Sat Apr 28 10:09:12 2018 -0400 @@ -248,7 +248,8 @@ char *p = buf; while (f != l->tail) { - if (f->start < last || f->end > len || last < 0) { + if (f->start < last || f->start > len || f->end > len || + last < 0) { return MPATCH_ERR_INVALID_PATCH; } memcpy(p, orig + last, f->start - last);
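Review bot: the four-clause condition at the top of the `while (f != l->tail)` loop has no comment stating the invariant that the `memcpy(p, orig + last, f->start - last)` below it depends on, which is 0 <= last <= f->start <= len. A one-line comment above the `if` would make that explicit, and moving `last < 0` to the front of the condition would let it read in the same order as the invariant. The visible lines also do not check `f->end` against `f->start`, only against `len`; if that ordering is not enforced where the fragment is decoded, it should be rejected here as well. Finally, the changeset touches only mercurial/mpatch.c, so the fuzzer input that triggered this is not captured as a regression test; adding it alongside the fix would keep the new `f->start > len` clause from being dropped in a later cleanup.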