# HG changeset patch
# User Augie Fackler
# Date 2018-11-13 01:31:57
# Node ID f27f8e9ef1e731723146b670a1a9a86e1a088069
# Parent 9eeda71991817a330e93c38cde3adeadad29688b
manifest: also reject obviously-too-short lines when parsing lines

Differential Revision: https://phab.mercurial-scm.org/D5257

diff --git a/mercurial/cext/manifest.c b/mercurial/cext/manifest.c
--- a/mercurial/cext/manifest.c
+++ b/mercurial/cext/manifest.c
@@ -39,6 +39,7 @@ typedef struct {
 #define MANIFEST_NOT_SORTED -2
 #define MANIFEST_MALFORMED -3
 #define MANIFEST_BOGUS_FILENAME -4
+#define MANIFEST_TOO_SHORT_LINE -5
 
 /* get the length of the path for a line */
 static size_t pathlen(line *l)
@@ -126,6 +127,15 @@ static int find_lines(lazymanifest *self
 if (!next) {
 return MANIFEST_MALFORMED;
 }
+ if ((next - data) < 22) {
+ /* We should have at least 22 bytes in a line:
+ 1 byte filename
+ 1 NUL
+ 20 bytes of hash
+ so we can give up here.
+ */
+ return MANIFEST_TOO_SHORT_LINE;
+ }
 next++; /* advance past newline */
 if (!realloc_if_full(self)) {
 return MANIFEST_OOM; /* no memory */
@@ -202,6 +212,11 @@ static int lazymanifest_init(lazymanifes
 PyExc_ValueError,
 "Manifest had an entry with a zero-length filename.");
 break;
+ case MANIFEST_TOO_SHORT_LINE:
+ PyErr_Format(
+ PyExc_ValueError,
+ "Manifest had implausibly-short line.");
+ break;
 default:
 PyErr_Format(PyExc_ValueError,
 "Unknown problem parsing manifest.");
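Review bot: The 22-byte floor in the new `if ((next - data) < 22)` check in find_lines looks looser than the shortest well-formed line: the manifest text format stores the node as 40 hex characters rather than 20 raw bytes, so a line of 22 to 41 bytes still passes, and any later code that reads the hash from the line could run past its end (that code is outside this hunk, so this is inferred). If the hash is indeed consumed hex-encoded at this layer, tighten the guard to `if ((next - data) < 42) {` and change the comment's third item to `40 hex digits of hash`. The length test also does not confirm that a NUL separator falls inside the line, which would be worth checking in the same place. find_lines begins and ends outside the hunk.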