[PATCH STABLE] parsers: fix parse_dirstate to check len before unpacking header (issue4979)
Yuya Nishihara
yuya at tcha.org
Wed Dec 2 15:01:55 UTC 2015
# HG changeset patch
# User Yuya Nishihara <yuya at tcha.org>
# Date 1449065098 -32400
# Wed Dec 02 23:04:58 2015 +0900
# Branch stable
# Node ID f5e8cb813a4d5c0665c7e144d96810b4763c42d1
# Parent 7e1fac6c0a9ce6afd3edeed5e47bcca343155d8a
parsers: fix parse_dirstate to check len before unpacking header (issue4979)
diff --git a/mercurial/parsers.c b/mercurial/parsers.c
--- a/mercurial/parsers.c
+++ b/mercurial/parsers.c
@@ -493,6 +493,11 @@ static PyObject *parse_dirstate(PyObject
/* read filenames */
while (pos >= 40 && pos < len) {
+ if (pos + 17 > len) {
+ PyErr_SetString(PyExc_ValueError,
+ "overflow in dirstate");
+ goto quit;
+ }
cur = str + pos;
/* unpack header */
state = *cur;
More information about the Mercurial-devel
mailing list