File hg-mpatch-fix02.patch of Package mercurial.8018
# HG changeset patch
# User Augie Fackler <augie@google.com>
# Date 1524895496 14400
# Node ID 1acfc35d478cdae60cf62c6f07fa6b6ad3070ea7
# Parent 90a274965de74cb0b4bea01a564b29b12a6af814
mpatch: protect against underflow in mpatch_apply (SEC)
Also caught by oss-fuzz fuzzer during development.
This defect is OVE-20180430-0002. A CVE has not been obtained as of this writing.
---
mercurial/mpatch.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/mercurial/mpatch.c
+++ b/mercurial/mpatch.c
@@ -265,7 +265,7 @@ static int apply(char *buf, const char *
char *p = buf;
while (f != l->tail) {
- if (f->start < last || f->end > len) {
+ if (f->start < last || f->end > len || last < 0) {
if (!PyErr_Occurred())
PyErr_SetString(mpatch_Error,
"invalid patch");
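Review bot: The added `last < 0` term in the loop condition checks the previous fragment's `end` one iteration late, and nothing visible in this hunk rejects a fragment whose `end` is smaller than its `start`. Validating the current fragment before any copy, for example `if (f->start < last || f->start > f->end || f->end > len) {`, would keep `last` non-negative and non-decreasing by construction, assuming `last` is initialised to a non-negative value above the hunk. Whether the decoder already enforces `start <= end` cannot be seen from here and should be confirmed. The body of apply() starts before this hunk and continues past it.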
@@ -278,6 +278,11 @@ static int apply(char *buf, const char *
p += f->len;
f++;
}
+ if (last < 0) {
+ if (!PyErr_Occurred())
+ PyErr_SetString(mpatch_Error, "invalid patch");
+ return 0;
+ }
memcpy(p, orig + last, len - last);
return 1;
}
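Review bot: The post-loop guard has no comment explaining how `last` can be negative here, and it repeats the loop's error path verbatim. A comment such as `/* last is the final fragment's end, taken from patch data; if negative, orig + last points before the source and len - last exceeds len */` would record why the check must sit directly before the final `memcpy`. The diffstat lists only mercurial/mpatch.c, so no regression test with a malformed patch comes with the fix; adding one would stop a later refactor from silently dropping the guard. apply() begins outside this hunk.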