D7234: dirs: reject consecutive slashes in paths
durin42 (Augie Fackler)
phabricator at mercurial-scm.org
Tue Nov 5 23:41:25 UTC 2019
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
We shouldn't ever see those, and the fuzzer go really excited that if
it gives us a 65k string with 55k slashes in it we use a lot of RAM.
This is a better fix than what I tried in D7105 <https://phab.mercurial-scm.org/D7105>. It was suggested by
Yuya, and I verified it does in fact cause the fuzzer to not OOM.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D7234
AFFECTED FILES
mercurial/cext/dirs.c
CHANGE DETAILS
diff --git a/mercurial/cext/dirs.c b/mercurial/cext/dirs.c
--- a/mercurial/cext/dirs.c
+++ b/mercurial/cext/dirs.c
@@ -66,6 +66,11 @@
while ((pos = _finddir(cpath, pos - 1)) != -1) {
PyObject *val;
+ // Sniff for trailing slashes, a marker of an invalid input.
+ if (cpath[pos] == '/') {
+ goto bail;
+ }
+
key = PyBytes_FromStringAndSize(cpath, pos);
if (key == NULL)
goto bail;
To: durin42, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list