# HG changeset patch
# User Matt Mackall <mpm@selenic.com>
# Date 1458174626 25200
# Wed Mar 16 17:30:26 2016 -0700
# Branch stable
# Node ID b9714d958e89cd6ff1da46b46f39076c03325ac7
# Parent b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732
parsers: detect short records (SEC)
CVE-2016-3630 (2/2)
This addresses part of a vulnerability in binary delta application.
diff --git a/mercurial/mpatch.c b/mercurial/mpatch.c
--- a/mercurial/mpatch.c
+++ b/mercurial/mpatch.c
@@ -215,10 +215,10 @@ static struct flist *decode(const char *
lt->start = getbe32(bin + pos);
lt->end = getbe32(bin + pos + 4);
lt->len = getbe32(bin + pos + 8);
- if (lt->start > lt->end)
- break; /* sanity check */
lt->data = bin + pos + 12;
pos += 12 + lt->len;
+ if (lt->start > lt->end || lt->len < 0)
+ break; /* sanity check */
lt++;
}