D7105: dirs: reject consecutive slashes in paths
durin42 (Augie Fackler)
phabricator at mercurial-scm.org
Tue Oct 15 13:55:04 UTC 2019
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
We shouldn't ever see those, and the fuzzer go really excited that if
it gives us a 65k string with 55k slashes in it we use a lot of RAM.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D7105
AFFECTED FILES
mercurial/cext/dirs.c
CHANGE DETAILS
diff --git a/mercurial/cext/dirs.c b/mercurial/cext/dirs.c
--- a/mercurial/cext/dirs.c
+++ b/mercurial/cext/dirs.c
@@ -52,6 +52,7 @@
{
const char *cpath = PyBytes_AS_STRING(path);
Py_ssize_t pos = PyBytes_GET_SIZE(path);
+ Py_ssize_t prev_pos = -1;
PyObject *key = NULL;
int ret = -1;
@@ -64,6 +65,13 @@
* locations, the references are known so these violations should go
* unnoticed. */
while ((pos = _finddir(cpath, pos - 1)) != -1) {
+ if (pos && prev_pos == pos + 1) {
+ PyErr_SetString(
+ PyExc_ValueError,
+ "invalid empty directory name in dirs.c _addpath");
+ return -1;
+ }
+ prev_pos = pos;
PyObject *val;
key = PyBytes_FromStringAndSize(cpath, pos);
To: durin42, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list