D7105: dirs: reject consecutive slashes in paths

durin42 (Augie Fackler) phabricator at mercurial-scm.org
Tue Oct 15 09:55:04 EDT 2019


durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REVISION SUMMARY
  We shouldn't ever see those, and the fuzzer got really excited that if
  it gives us a 65k string with 55k slashes in it we use a lot of RAM.

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D7105

AFFECTED FILES
  mercurial/cext/dirs.c

CHANGE DETAILS

diff --git a/mercurial/cext/dirs.c b/mercurial/cext/dirs.c
--- a/mercurial/cext/dirs.c
+++ b/mercurial/cext/dirs.c
@@ -52,6 +52,7 @@
 {
 	const char *cpath = PyBytes_AS_STRING(path);
 	Py_ssize_t pos = PyBytes_GET_SIZE(path);
+	Py_ssize_t prev_pos = -1;
 	PyObject *key = NULL;
 	int ret = -1;
 
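Review bot: prev_pos is declared with no comment on what it tracks or what its -1 start value means. The loop below also treats -1 as the "not found" result of _finddir, so a one-line comment saying that prev_pos holds the slash offset found on the previous iteration, with -1 meaning none yet, would make the sentinel unambiguous.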
@@ -64,6 +65,13 @@
 	 * locations, the references are known so these violations should go
 	 * unnoticed. */
 	while ((pos = _finddir(cpath, pos - 1)) != -1) {
+		if (pos && prev_pos == pos + 1) {
+			PyErr_SetString(
+			    PyExc_ValueError,
+			    "invalid empty directory name in dirs.c _addpath");
+			return -1;
+		}
+		prev_pos = pos;
 		PyObject *val;
 
 		key = PyBytes_FromStringAndSize(cpath, pos);
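Review bot: the `pos &&` term in the new condition exempts a slash at offset 0 from the adjacency check, so a path that begins with two slashes is not rejected even though the summary says consecutive slashes should be. Either drop that term or add a comment explaining why offset 0 is exempt. Two smaller points in the same hunk: `prev_pos = pos;` now sits above `PyObject *val;`, so a declaration follows a statement, and moving the assignment below the declaration avoids mixed declarations and code. The new `return -1` also leaves the function directly although it declares `ret` and `key` at the top, so it is worth confirming that `key` cannot hold a reference from an earlier iteration when this branch is taken.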



To: durin42, #hg-reviewers
Cc: mercurial-devel

