D4151: linelog: fix infinite loop vulnerability
quark (Jun Wu)
phabricator at mercurial-scm.org
Tue Aug 7 01:29:33 EDT 2018
quark updated this revision to Diff 10032.
REPOSITORY
rHG Mercurial
CHANGES SINCE LAST UPDATE
https://phab.mercurial-scm.org/D4151?vs=10031&id=10032
REVISION DETAIL
https://phab.mercurial-scm.org/D4151
AFFECTED FILES
mercurial/linelog.py
tests/test-linelog.py
CHANGE DETAILS
diff --git a/tests/test-linelog.py b/tests/test-linelog.py
--- a/tests/test-linelog.py
+++ b/tests/test-linelog.py
@@ -179,6 +179,15 @@
ar = ll.annotate(rev)
self.assertEqual([(l.rev, l.linenum) for l in ar], lines)
+ def testinfinitebadprogram(self):
+ ll = linelog.linelog.fromdata(
+ b'\x00\x00\x00\x00\x00\x00\x00\x02' # header
+ b'\x00\x00\x00\x00\x00\x00\x00\x01' # JUMP to self
+ )
+ with self.assertRaises(linelog.LineLogError):
+ # should not be an infinite loop and raise
+ ll.annotate(1)
+
if __name__ == '__main__':
import silenttestrunner
silenttestrunner.main(__name__)
diff --git a/mercurial/linelog.py b/mercurial/linelog.py
--- a/mercurial/linelog.py
+++ b/mercurial/linelog.py
@@ -373,13 +373,15 @@
def annotate(self, rev):
pc = 1
lines = []
- # Sanity check: if len(lines) is longer than len(program), we
+ executed = 0
+ # Sanity check: if instructions executed exceeds len(program), we
# hit an infinite loop in the linelog program somehow and we
# should stop.
- while pc is not None and len(lines) < len(self._program):
+ while pc is not None and executed < len(self._program):
inst = self._program[pc]
lastpc = pc
pc = inst.execute(rev, pc, lines.append)
+ executed += 1
if pc is not None:
raise LineLogError(
'Probably hit an infinite loop in linelog. Program:\n' +
To: quark, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list