# HG changeset patch
# User Matt Mackall <mpm@selenic.com>
# Date 1458174626 25200
#      Wed Mar 16 17:30:26 2016 -0700
# Branch stable
# Node ID b9714d958e89cd6ff1da46b46f39076c03325ac7
# Parent  b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732
parsers: detect short records (SEC)

CVE-2016-3630 (2/2)

This addresses part of a vulnerability in binary delta application.

diff --git a/mercurial/mpatch.c b/mercurial/mpatch.c
--- a/mercurial/mpatch.c
+++ b/mercurial/mpatch.c
@@ -215,10 +215,10 @@ static struct flist *decode(const char *
 		lt->start = getbe32(bin + pos);
 		lt->end = getbe32(bin + pos + 4);
 		lt->len = getbe32(bin + pos + 8);
-		if (lt->start > lt->end)
-			break; /* sanity check */
 		lt->data = bin + pos + 12;
 		pos += 12 + lt->len;
+		if (lt->start > lt->end || lt->len < 0)
+			break; /* sanity check */
 		lt++;
 	}