mercurial: CVE-2016-3630
backported the following patches from mercurial 3.7.3: https://selenic.com/repo/hg/rev/b6ed2505d6cf https://selenic.com/repo/hg/rev/b9714d958e89
parent
0237b58390
commit
cd9cddf3dd
|
@ -239,7 +239,7 @@ static struct flist *decode(const char *bin, int len)
|
|||
char decode[12]; /* for dealing with alignment issues */
|
||||
|
||||
/* assume worst case size, we won't have many of these lists */
|
||||
l = lalloc(len / 12);
|
||||
l = lalloc(len / 12 + 1);
|
||||
if (!l)
|
||||
return NULL;
|
||||
|
||||
|
@ -250,7 +250,7 @@ static struct flist *decode(const char *bin, int len)
|
|||
lt->start = ntohl(*(uint32_t *)decode);
|
||||
lt->end = ntohl(*(uint32_t *)(decode + 4));
|
||||
lt->len = ntohl(*(uint32_t *)(decode + 8));
|
||||
if (lt->start > lt->end)
|
||||
if (lt->start > lt->end || lt->len < 0)
|
||||
break; /* sanity check */
|
||||
bin = data + lt->len;
|
||||
if (bin < data)
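Review bot: The widened sanity check in the second hunk, `if (lt->start > lt->end || lt->len < 0)`, still accepts a record whose `start` is negative as long as `end` is larger. All three fields are filled from `ntohl()` on bytes taken from the patch, and the new `lt->len < 0` test suggests they are signed, so `start` presumably needs the same guard: `if (lt->start < 0 || lt->start > lt->end || lt->len < 0)`. The context lines that follow, `bin = data + lt->len;` and `if (bin < data)`, depend on pointer wrap-around, which is undefined behaviour in C and may be optimised away; comparing `lt->len` with the number of bytes remaining in the input before advancing would be a firmer bound. decode() begins and ends outside both hunks, so the field types and the loop bounds cannot be confirmed from here. The same two hunks are printed a second time further down the page, and this note applies to that copy as well.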
|
||||
|
|
|
@ -239,7 +239,7 @@ static struct flist *decode(const char *bin, int len)
|
|||
char decode[12]; /* for dealing with alignment issues */
|
||||
|
||||
/* assume worst case size, we won't have many of these lists */
|
||||
l = lalloc(len / 12);
|
||||
l = lalloc(len / 12 + 1);
|
||||
if (!l)
|
||||
return NULL;
|
||||
|
||||
|
@ -250,7 +250,7 @@ static struct flist *decode(const char *bin, int len)
|
|||
lt->start = ntohl(*(uint32_t *)decode);
|
||||
lt->end = ntohl(*(uint32_t *)(decode + 4));
|
||||
lt->len = ntohl(*(uint32_t *)(decode + 8));
|
||||
if (lt->start > lt->end)
|
||||
if (lt->start > lt->end || lt->len < 0)
|
||||
break; /* sanity check */
|
||||
bin = data + lt->len;
|
||||
if (bin < data)
|
||||
|
|