File hg-mpatch-fix03.patch of Package mercurial.9061
# HG changeset patch
# User Augie Fackler <augie@google.com>
# Date 1524924552 14400
# Node ID faa924469635512b72868b1552a1866a0f91db20
# Parent 1acfc35d478cdae60cf62c6f07fa6b6ad3070ea7
mpatch: ensure fragment start isn't past the end of orig (SEC)
Caught by oss-fuzz fuzzer during development.
This defect is OVE-20180430-0004. A CVE has not been obtained as of
this writing.
diff -r 1acfc35d478c -r faa924469635 mercurial/mpatch.c
--- a/mercurial/mpatch.c Sat Apr 28 02:04:56 2018 -0400
+++ b/mercurial/mpatch.c Sat Apr 28 10:09:12 2018 -0400
@@ -248,7 +248,8 @@
char *p = buf;
while (f != l->tail) {
- if (f->start < last || f->end > len || last < 0) {
+ if (f->start < last || f->start > len || f->end > len ||
+ last < 0) {
return MPATCH_ERR_INVALID_PATCH;
}
memcpy(p, orig + last, f->start - last);
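Review bot: The widened guard bounds `f->start` and `f->end` against `len`, but nothing in the visible condition requires `f->end >= f->start`, so a fragment whose end precedes its start still passes this iteration and reaches `memcpy(p, orig + last, f->start - last)`. Whether such a fragment is rejected later depends on how `last` is updated and on validation done when the patch is decoded, neither of which is visible here, since the loop body continues past the hunk. If no other check enforces the ordering, consider adding `f->end < f->start ||` to the condition. A comment above the `if` would also help, e.g. `/* require 0 <= last <= f->start <= f->end <= len before copying from orig */`. The write side (`p` against the size of `buf`) is not bounded in this hunk either, so presumably the caller sizes `buf` from the same fragment list; that is worth confirming.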