upstream/mercurial-mirror Commit - r28656:b6ed2505

parsers: fix list sizing rounding error (SEC)...

Matt Mackall -

r28656:b6ed2505 stable

parent child

tests/test-revlog.t

0 created 644 +15 0

			@@ -0,0 +1,15 b''
		1	Test for CVE-2016-3630
		2
		3	$ hg init
		4
		5	>>> open("a.i", "w").write(
		6	... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
		7	... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
		8	... .decode("base64").decode("zlib"))
		9
		10	$ hg debugindex a.i
		11	rev offset length delta linkrev nodeid p1 p2
		12	0 0 19 -1 2 99e0332bd498 000000000000 000000000000
		13	1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000
		14	$ hg debugdata a.i 1 2>&1 \| grep decoded
		15	mpatch.mpatchError: patch cannot be decoded

mercurial/mpatch.c

0 +1 -1

              	int pos = 0;
              	/* assume worst case size, we won't have many of these lists */
-             	l = lalloc(len / 12);
+             	l = lalloc(len / 12 + 1);
              	if (!l)
              		return NULL;

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages