##// END OF EJS Templates
parsers: fix list sizing rounding error (SEC)...
Matt Mackall -
r28656:b6ed2505 stable
parent child Browse files
Show More
@@ -0,0 +1,15 b''
1 Test for CVE-2016-3630
2
3 $ hg init
4
5 >>> open("a.i", "w").write(
6 ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
7 ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
8 ... .decode("base64").decode("zlib"))
9
10 $ hg debugindex a.i
11 rev offset length delta linkrev nodeid p1 p2
12 0 0 19 -1 2 99e0332bd498 000000000000 000000000000
13 1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000
14 $ hg debugdata a.i 1 2>&1 | grep decoded
15 mpatch.mpatchError: patch cannot be decoded
@@ -205,7 +205,7 b' static struct flist *decode(const char *'
205 205 int pos = 0;
206 206
207 207 /* assume worst case size, we won't have many of these lists */
208 l = lalloc(len / 12);
208 l = lalloc(len / 12 + 1);
209 209 if (!l)
210 210 return NULL;
211 211
General Comments 0
You need to be logged in to leave comments. Login now