# HG changeset patch
# User Boris Feld <boris.feld@octobus.net>
# Date 2018-11-25 23:21:09
# Node ID 959130631de35d4332ddc17db70939d448838a5e
# Parent  30d878cb102d1be3db236cf61b7e62e544d7b6d6

revlog: properly detect corrupted revlog in `index_get_length`

Pointed out by Yuya Nishihara.

diff --git a/mercurial/cext/revlog.c b/mercurial/cext/revlog.c
--- a/mercurial/cext/revlog.c
+++ b/mercurial/cext/revlog.c
@@ -242,7 +242,14 @@ static inline int index_get_length(index
 		return (int)ret;
 	} else {
 		const char *data = index_deref(self, rev);
-		return (int)getbe32(data + 8);
+		int tmp = (int)getbe32(data + 8);
+		if (tmp < 0) {
+			PyErr_Format(PyExc_OverflowError,
+			             "revlog entry size out of bound (%d)",
+			             tmp);
+			return -1;
+		}
+		return tmp;
 	}
 }