# HG changeset patch
# User Augie Fackler
# Date 1545287199 18000
# Node ID 5c68b617ba2463eb6f1372a24b139a376c6bf6bd
# Parent b444407f635beb65ddfcfe518ab09d1e4808e1f8
parsers: better bounds checking in fm1readmarkers Our Python already calls this with reasonable values consistently, but my upcoming fuzzer is extremely quick to discover the lack of sanity checking here. Differential Revision: https://phab.mercurial-scm.org/D5464
diff -r b444407f635b -r 5c68b617ba24 mercurial/cext/parsers.c
--- a/mercurial/cext/parsers.c Wed Dec 19 23:48:35 2018 -0500
+++ b/mercurial/cext/parsers.c Thu Dec 20 01:26:39 2018 -0500
@@ -572,6 +572,17 @@
 &offset, &stop)) {
 return NULL;
 }
+ if (offset < 0) {
+ PyErr_SetString(PyExc_ValueError,
+ "invalid negative offset in fm1readmarkers");
+ return NULL;
+ }
+ if (stop > datalen) {
+ PyErr_SetString(
+ PyExc_ValueError,
+ "stop longer than data length in fm1readmarkers");
+ return NULL;
+ }
 dataend = data + datalen;
 data += offset;
 markers = PyList_New(0);
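Review bot: The two new checks bound `offset` from below and `stop` from above, but nothing bounds `offset` from above, so `data += offset` two lines later can still form a pointer past `dataend` when `offset > datalen`. Computing such a pointer is undefined behaviour in C even if it is never dereferenced. Whether it is read depends on the loop that follows, which lies outside this hunk, as do the function's start and end. A third guard alongside the others would close the gap: `if (offset > datalen) { PyErr_SetString(PyExc_ValueError, "offset beyond data length in fm1readmarkers"); return NULL; }`. A negative `stop` is also accepted. That is presumably harmless if the loop condition is `offset < stop`, but it would be worth a one-line comment stating the invariant `0 <= offset <= datalen` and `stop <= datalen`, so the fuzzer's contract is explicit.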