Mercurial Mercurial > mercurial / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
parsers: better bounds checking in fm1readmarkers
authorAugie Fackler <augie@google.com>
Thu, 20 Dec 2018 01:26:39 -0500
changeset 41016 5c68b617ba24
parent 41015 b444407f635b
child 41024 6a951f535fee
parsers: better bounds checking in fm1readmarkers Our Python already calls this with reasonable values consistently, but my upcoming fuzzer is extremely quick to discover the lack of sanity checking here. Differential Revision: https://phab.mercurial-scm.org/D5464
mercurial/cext/parsers.c file | annotate | diff | comparison | revisions 
--- a/mercurial/cext/parsers.c	Wed Dec 19 23:48:35 2018 -0500
+++ b/mercurial/cext/parsers.c	Thu Dec 20 01:26:39 2018 -0500
@@ -572,6 +572,17 @@
 	                      &offset, &stop)) {
 		return NULL;
 	}
+	if (offset < 0) {
+		PyErr_SetString(PyExc_ValueError,
+		                "invalid negative offset in fm1readmarkers");
+		return NULL;
+	}
+	if (stop > datalen) {
+		PyErr_SetString(
+		    PyExc_ValueError,
+		    "stop longer than data length in fm1readmarkers");
+		return NULL;
+	}
 	dataend = data + datalen;
 	data += offset;
 	markers = PyList_New(0);
mercurial