mpatch: protect against underflow in mpatch_apply (SEC) stable
authorAugie Fackler <augie@google.com>
Sat, 28 Apr 2018 02:04:56 -0400
branchstable
changeset 38188 1acfc35d478c
parent 38187 90a274965de7
child 38189 faa924469635
mpatch: protect against underflow in mpatch_apply (SEC) Also caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0002. A CVE has not been obtained as of this writing.
mercurial/mpatch.c
--- a/mercurial/mpatch.c	Sat Apr 28 00:42:16 2018 -0400
+++ b/mercurial/mpatch.c	Sat Apr 28 02:04:56 2018 -0400
@@ -248,7 +248,7 @@
 	char *p = buf;
 
 	while (f != l->tail) {
-		if (f->start < last || f->end > len) {
+		if (f->start < last || f->end > len || last < 0) {
 			return MPATCH_ERR_INVALID_PATCH;
 		}
 		memcpy(p, orig + last, f->start - last);
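Review bot: The `last < 0` test added to the loop condition checks the previous fragment's `end` one iteration late, instead of rejecting the bad fragment when it is read. Nothing visible in this hunk rejects a fragment whose `end` is below its `start`. Validating each fragment on its own, e.g. `if (f->start < last || f->end < f->start || f->end > len) {`, would keep `last` non-negative by construction, assuming `last` starts at 0 (its declaration is outside the hunk). That would keep both the `orig + last` offset and the `f->start - last` length in range for every iteration. The function signature and the lines that copy `f->data` are outside the hunk, so whether `f->len` and the capacity of `buf` are checked elsewhere cannot be confirmed from here.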
@@ -258,6 +258,9 @@
 		p += f->len;
 		f++;
 	}
+	if (last < 0) {
+		return MPATCH_ERR_INVALID_PATCH;
+	}
 	memcpy(p, orig + last, len - last);
 	return 0;
 }
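Review bot: The post-loop `if (last < 0)` check has no comment explaining why it is needed when the loop condition already tests `last < 0`. The in-loop test only sees the value left by the previous iteration, so the final fragment's `end` would otherwise reach `memcpy(p, orig + last, len - last)` unchecked, giving a source pointer before `orig` and an oversized length. A short comment such as `/* last holds the final fragment's end, which the loop never re-checks */` would keep a later cleanup from removing the check as redundant.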