upstream/mercurial-mirror Commit - r28656:b6ed2505

parsers: fix list sizing rounding error (SEC)...

Matt Mackall -

r28656:b6ed2505 stable

parent child

tests/test-revlog.t

0 created 644 +15 0

@@ -0,0 +1,15 b''
	1	Test for CVE-2016-3630
	2
	3	$ hg init
	4
	5	>>> open("a.i", "w").write(
	6	... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
	7	... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
	8	... .decode("base64").decode("zlib"))
	9
	10	$ hg debugindex a.i
	11	rev offset length delta linkrev nodeid p1 p2
	12	0 0 19 -1 2 99e0332bd498 000000000000 000000000000
	13	1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000
	14	$ hg debugdata a.i 1 2>&1 \| grep decoded
	15	mpatch.mpatchError: patch cannot be decoded

mercurial/mpatch.c

0 +1 -1

             	int pos = 0;
             	/* assume worst case size, we won't have many of these lists */
-            	l = lalloc(len / 12);
+            	l = lalloc(len / 12 + 1);
             	if (!l)
             		return NULL;

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages