D1876: bdiff: Handle the possibility of an integer overflow when allocating
alex_gaynor (Alex Gaynor)
phabricator at mercurial-scm.org
Wed Jan 17 21:36:36 UTC 2018
alex_gaynor created this revision.
alex_gaynor added a reviewer: durin42.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REPOSITORY
rHG Mercurial
BRANCH
alloc-overflow (bookmark) on default (branch)
REVISION DETAIL
https://phab.mercurial-scm.org/D1876
AFFECTED FILES
mercurial/bdiff.c
mercurial/tagmerge.py
CHANGE DETAILS
diff --git a/mercurial/tagmerge.py b/mercurial/tagmerge.py
--- a/mercurial/tagmerge.py
+++ b/mercurial/tagmerge.py
@@ -269,4 +269,3 @@
writemergedtags(fcd, mergedtags)
ui.note(_('.hgtags merged successfully\n'))
return False, 0
-
diff --git a/mercurial/bdiff.c b/mercurial/bdiff.c
--- a/mercurial/bdiff.c
+++ b/mercurial/bdiff.c
@@ -41,7 +41,7 @@
if (p == plast)
i++;
- *lr = l = (struct bdiff_line *)malloc(sizeof(struct bdiff_line) * i);
+ *lr = l = (struct bdiff_line *)calloc(i, sizeof(struct bdiff_line));
if (!l)
return -1;
To: alex_gaynor, durin42, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list