Show More
| @@ -1167,6 +1167,10 b' static PyObject *reachableroots(indexObj' | |||||
| 1167 | numheads = PyList_GET_SIZE(heads); |
|
1167 | numheads = PyList_GET_SIZE(heads); | |
| 1168 | for (i = 0; i < numheads; i++) { |
|
1168 | for (i = 0; i < numheads; i++) { | |
| 1169 | revnum = PyInt_AS_LONG(PyList_GET_ITEM(heads, i)); |
|
1169 | revnum = PyInt_AS_LONG(PyList_GET_ITEM(heads, i)); | |
|
|
1170 | if (revnum + 1 < 0 || revnum + 1 >= len + 1) { | |||
|
|
1171 | PyErr_SetString(PyExc_IndexError, "head out of range"); | |||
|
|
1172 | goto bail; | |||
|
|
1173 | } | |||
| 1170 | if (seen[revnum+1] == 0) { |
|
1174 | if (seen[revnum+1] == 0) { | |
| 1171 | tovisit[lentovisit++] = revnum; |
|
1175 | tovisit[lentovisit++] = revnum; | |
| 1172 | seen[revnum+1]=1; |
|
1176 | seen[revnum+1]=1; | |
| @@ -60,9 +60,40 b' We approximate that by reducing the read' | |||||
| 60 |
|
60 | |||
| 61 | $ cd .. |
|
61 | $ cd .. | |
| 62 |
|
62 | |||
| 63 | Test corrupted p1/p2 fields that could cause SEGV at parsers.c: |
|
63 | #if no-pure | |
|
|
64 | ||||
|
|
65 | Test SEGV caused by bad revision passed to reachableroots() (issue4775): | |||
|
|
66 | ||||
|
|
67 | $ cd a | |||
| 64 |
|
68 | |||
| 65 | #if no-pure |
|
69 | $ python <<EOF | |
|
|
70 | > from mercurial import changelog, scmutil | |||
|
|
71 | > cl = changelog.changelog(scmutil.vfs('.hg/store')) | |||
|
|
72 | > print 'goods:' | |||
|
|
73 | > for head in [0, len(cl) - 1, -1]: | |||
|
|
74 | > print'%s: %r' % (head, cl.reachableroots(0, [head], set([0]))) | |||
|
|
75 | > print 'bads:' | |||
|
|
76 | > for head in [len(cl), 10000, -2, -10000]: | |||
|
|
77 | > print '%s:' % head, | |||
|
|
78 | > try: | |||
|
|
79 | > cl.reachableroots(0, [head], set([0])) | |||
|
|
80 | > print 'uncaught buffer overflow?' | |||
|
|
81 | > except IndexError as inst: | |||
|
|
82 | > print inst | |||
|
|
83 | > EOF | |||
|
|
84 | goods: | |||
|
|
85 | 0: <baseset [0]> | |||
|
|
86 | 1: <baseset [0]> | |||
|
|
87 | -1: <baseset []> | |||
|
|
88 | bads: | |||
|
|
89 | 2: head out of range | |||
|
|
90 | 10000: head out of range | |||
|
|
91 | -2: head out of range | |||
|
|
92 | -10000: head out of range | |||
|
|
93 | ||||
|
|
94 | $ cd .. | |||
|
|
95 | ||||
|
|
96 | Test corrupted p1/p2 fields that could cause SEGV at parsers.c: | |||
| 66 |
|
|
97 | ||
| 67 | $ mkdir invalidparent |
|
98 | $ mkdir invalidparent | |
| 68 | $ cd invalidparent |
|
99 | $ cd invalidparent | |
General Comments 0
You need to be logged in to leave comments.
Login now