Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mercurial
hg-mpatch-fix02.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hg-mpatch-fix02.patch of Package mercurial
# HG changeset patch # User Augie Fackler <augie@google.com> # Date 1524895496 14400 # Node ID 1acfc35d478cdae60cf62c6f07fa6b6ad3070ea7 # Parent 90a274965de74cb0b4bea01a564b29b12a6af814 mpatch: protect against underflow in mpatch_apply (SEC) Also caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0002. A CVE has not been obtained as of this writing. --- mercurial/mpatch.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/mercurial/mpatch.c +++ b/mercurial/mpatch.c @@ -265,7 +265,7 @@ static int apply(char *buf, const char * char *p = buf; while (f != l->tail) { - if (f->start < last || f->end > len) { + if (f->start < last || f->end > len || last < 0) { if (!PyErr_Occurred()) PyErr_SetString(mpatch_Error, "invalid patch"); @@ -278,6 +278,11 @@ static int apply(char *buf, const char * p += f->len; f++; } + if (last < 0) { + if (!PyErr_Occurred()) + PyErr_SetString(mpatch_Error, "invalid patch"); + return 0; + } memcpy(p, orig + last, len - last); return 1; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor