
mercurial-3.1.1-5.3.mga5.src.rpm

# HG changeset patch
# User Matt Mackall <mpm@selenic.com>
# Date 1458174626 25200
#      Wed Mar 16 17:30:26 2016 -0700
# Branch stable
# Node ID b9714d958e89cd6ff1da46b46f39076c03325ac7
# Parent  b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732
parsers: detect short records (SEC)

CVE-2016-3630 (2/2)

This addresses part of a vulnerability in binary delta application.

---
 mercurial/mpatch.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/mercurial/mpatch.c
+++ b/mercurial/mpatch.c
@@ -215,10 +215,10 @@ static struct flist *decode(const char *
 		lt->start = getbe32(bin + pos);
 		lt->end = getbe32(bin + pos + 4);
 		lt->len = getbe32(bin + pos + 8);
-		if (lt->start > lt->end)
-			break; /* sanity check */
 		lt->data = bin + pos + 12;
 		pos += 12 + lt->len;
+		if (lt->start > lt->end || lt->len < 0)
+			break; /* sanity check */
 		lt++;
 	}
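Review bot: The new `lt->len < 0` test runs only after `pos += 12 + lt->len`, so an attacker-supplied record length near the top of the signed range is added to `pos` before anything bounds it. If `pos` and `lt->len` are plain `int` (their declarations are outside the hunk), that addition can overflow, which is undefined behaviour rather than a reliably detectable negative value. Validating before advancing and bounding the length by the bytes that remain avoids depending on wraparound, e.g. `if (lt->start > lt->end || lt->len < 0 || lt->len > len - pos - 12) break;` placed ahead of the `pos +=` line, where `len` stands for the input-length argument, whose name is not visible here. The three `getbe32` reads also need 12 readable bytes at `bin + pos`; the loop condition that would guarantee this is outside the hunk, so it is worth confirming it tests `pos + 12 <= len` and not only `pos < len`. decode()'s body starts and ends outside the hunk.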