[PATCH STABLE] parsers: fix parse_dirstate to check len before unpacking header (issue4979)
Augie Fackler
raf at durin42.com
Wed Dec 2 09:35:22 CST 2015
On Thu, Dec 03, 2015 at 12:01:55AM +0900, Yuya Nishihara wrote:
> # HG changeset patch
> # User Yuya Nishihara <yuya at tcha.org>
> # Date 1449065098 -32400
> # Wed Dec 02 23:04:58 2015 +0900
> # Branch stable
> # Node ID f5e8cb813a4d5c0665c7e144d96810b4763c42d1
> # Parent 7e1fac6c0a9ce6afd3edeed5e47bcca343155d8a
> parsers: fix parse_dirstate to check len before unpacking header (issue4979)
Sure, queued for stable since it's such a trivial crasher fix.
>
> diff --git a/mercurial/parsers.c b/mercurial/parsers.c
> --- a/mercurial/parsers.c
> +++ b/mercurial/parsers.c
> @@ -493,6 +493,11 @@ static PyObject *parse_dirstate(PyObject
>
> /* read filenames */
> while (pos >= 40 && pos < len) {
> + if (pos + 17 > len) {
> + PyErr_SetString(PyExc_ValueError,
> + "overflow in dirstate");
> + goto quit;
> + }
> cur = str + pos;
> /* unpack header */
> state = *cur;
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at selenic.com
> https://selenic.com/mailman/listinfo/mercurial-devel
More information about the Mercurial-devel
mailing list