# HG changeset patch # User Augie Fackler # Date 2018-04-28 06:04:56 # Node ID 1acfc35d478cdae60cf62c6f07fa6b6ad3070ea7 # Parent 90a274965de74cb0b4bea01a564b29b12a6af814 mpatch: protect against underflow in mpatch_apply (SEC) Also caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0002. A CVE has not been obtained as of this writing. diff --git a/mercurial/mpatch.c b/mercurial/mpatch.c --- a/mercurial/mpatch.c +++ b/mercurial/mpatch.c @@ -248,7 +248,7 @@ int mpatch_apply(char *buf, const char * char *p = buf; while (f != l->tail) { - if (f->start < last || f->end > len) { + if (f->start < last || f->end > len || last < 0) { return MPATCH_ERR_INVALID_PATCH; } memcpy(p, orig + last, f->start - last); @@ -258,6 +258,9 @@ int mpatch_apply(char *buf, const char * p += f->len; f++; } + if (last < 0) { + return MPATCH_ERR_INVALID_PATCH; + } memcpy(p, orig + last, len - last); return 0; }