Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mercurial
hg-mpatch-fix06.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hg-mpatch-fix06.patch of Package mercurial
# HG changeset patch # User Augie Fackler <augie@google.com> # Date 1525140911 14400 # Node ID 0b208c13781c18deae8fddb1dd63677f61fd64b5 # Parent b8b253aec9538b2614295f6ba4ecefe335ad8bf5 mpatch: fix UB in int overflows in gather() (SEC) --- mercurial/mpatch.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) --- a/mercurial/mpatch.c +++ b/mercurial/mpatch.c @@ -122,18 +122,37 @@ static int gather(struct flist *dest, st int postend, c, l; while (s != src->tail) { - if (s->start + offset >= cut) + int soffset = s->start; + if (!safeadd(offset, &soffset)) + break; /* add would overflow, oh well */ + if (soffset >= cut) break; /* we've gone far enough */ - postend = offset + s->start + s->len; + postend = offset; + if (!safeadd(s->start, &postend) || + !safeadd(s->len, &postend)) { + break; + } if (postend <= cut) { /* save this hunk */ - offset += s->start + s->len - s->end; + int tmp = s->start; + if (!safesub(s->end, &tmp)) { + break; + } + if (!safeadd(s->len, &tmp)) { + break; + } + if (!safeadd(tmp, &offset)) { + break; /* add would overflow, oh well */ + } *d++ = *s++; } else { /* break up this hunk */ - c = cut - offset; + c = cut; + if (!safesub(offset, &c)) { + break; + } if (s->end < c) c = s->end; l = cut - offset - s->start;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor