D5464: parsers: better bounds checking in fm1readmarkers
durin42 (Augie Fackler)
phabricator at mercurial-scm.org
Thu Dec 20 06:41:34 UTC 2018
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
Our Python already calls this with reasonable values consistently, but
my upcoming fuzzer is extremely quick to discover the lack of sanity
checking here.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D5464
AFFECTED FILES
mercurial/cext/parsers.c
CHANGE DETAILS
diff --git a/mercurial/cext/parsers.c b/mercurial/cext/parsers.c
--- a/mercurial/cext/parsers.c
+++ b/mercurial/cext/parsers.c
@@ -572,6 +572,17 @@
&offset, &stop)) {
return NULL;
}
+ if (offset < 0) {
+ PyErr_SetString(PyExc_ValueError,
+ "invalid negative offset in fm1readmarkers");
+ return NULL;
+ }
+ if (stop > datalen) {
+ PyErr_SetString(
+ PyExc_ValueError,
+ "stop longer than data length in fm1readmarkers");
+ return NULL;
+ }
dataend = data + datalen;
data += offset;
markers = PyList_New(0);
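Review bot: the new checks bound offset only from below and stop only from above, so in the lines right after them `data += offset` can still move `data` past `dataend` when offset is larger than datalen, and a negative stop or a stop smaller than offset passes both tests. Adding one more rejection, `if (offset > stop)`, alongside the two new ones would close both gaps: together with `offset < 0` and `stop > datalen` it guarantees 0 <= offset <= stop <= datalen before any pointer arithmetic happens. Whether the loop that follows tolerates those cases is not visible in this hunk, but since the stated motivation is fuzzer input, validating the full range here keeps the invariant in one place.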
To: durin42, #hg-reviewers
Cc: mercurial-devel