# HG changeset patch # User Yuya Nishihara # Date 2015-12-02 14:04:58 # Node ID f5e8cb813a4d5c0665c7e144d96810b4763c42d1 # Parent 7e1fac6c0a9ce6afd3edeed5e47bcca343155d8a parsers: fix parse_dirstate to check len before unpacking header (issue4979) diff --git a/mercurial/parsers.c b/mercurial/parsers.c --- a/mercurial/parsers.c +++ b/mercurial/parsers.c @@ -493,6 +493,11 @@ static PyObject *parse_dirstate(PyObject /* read filenames */ while (pos >= 40 && pos < len) { + if (pos + 17 > len) { + PyErr_SetString(PyExc_ValueError, + "overflow in dirstate"); + goto quit; + } cur = str + pos; /* unpack header */ state = *cur;