Show More
@@ -164,7 +164,8 b' static PyObject *parse_dirstate(PyObject' | |||
|
164 | 164 | PyObject *dmap, *cmap, *parents = NULL, *ret = NULL; |
|
165 | 165 | PyObject *fname = NULL, *cname = NULL, *entry = NULL; |
|
166 | 166 | char *str, *cur, *end, *cpos; |
|
167 |
int state, mode, size, mtime |
|
|
167 | int state, mode, size, mtime; | |
|
168 | unsigned int flen; | |
|
168 | 169 | int len; |
|
169 | 170 | char decode[16]; /* for alignment */ |
|
170 | 171 | |
@@ -195,8 +196,10 b' static PyObject *parse_dirstate(PyObject' | |||
|
195 | 196 | mtime = ntohl(*(uint32_t *)(decode + 8)); |
|
196 | 197 | flen = ntohl(*(uint32_t *)(decode + 12)); |
|
197 | 198 | cur += 17; |
|
198 |
if ( |
|
|
199 | if (flen > end - cur) { | |
|
200 | PyErr_SetString(PyExc_ValueError, "overflow in dirstate"); | |
|
199 | 201 | goto quit; |
|
202 | } | |
|
200 | 203 | |
|
201 | 204 | entry = Py_BuildValue("ciii", state, mode, size, mtime); |
|
202 | 205 | PyObject_GC_UnTrack(entry); /* don't waste time with this */ |
@@ -294,6 +297,8 b' static int _parse_index_ng (const char *' | |||
|
294 | 297 | const char *end = data + size; |
|
295 | 298 | |
|
296 | 299 | while (data < end) { |
|
300 | unsigned int step; | |
|
301 | ||
|
297 | 302 | offset_flags = ntohl(*((uint32_t *) (data + 4))); |
|
298 | 303 | if (n == 0) /* mask out version number for the first entry */ |
|
299 | 304 | offset_flags &= 0xFFFF; |
@@ -325,10 +330,13 b' static int _parse_index_ng (const char *' | |||
|
325 | 330 | } else |
|
326 | 331 | PyList_SET_ITEM(index, n, entry); /* steals reference */ |
|
327 | 332 | |
|
328 | data += 64 + (inlined ? comp_len : 0); | |
|
329 | 333 | n++; |
|
334 | step = 64 + (inlined ? comp_len : 0); | |
|
335 | if (end - data < step) | |
|
336 | break; | |
|
337 | data += step; | |
|
330 | 338 | } |
|
331 |
if (data |
|
|
339 | if (data != end) { | |
|
332 | 340 | if (!PyErr_Occurred()) |
|
333 | 341 | PyErr_SetString(PyExc_ValueError, "corrupt index file"); |
|
334 | 342 | return 0; |
General Comments 0
You need to be logged in to leave comments.
Login now