File hg-mpatch-fix08.patch of Package mercurial.11235
# HG changeset patch
# User Augie Fackler <augie@google.com>
# Date 1525141386 14400
# Node ID 59837a16896da36d26e795881f4ba4454cb8ae41
# Parent 7f22ef3c0ee721da8a568613dff48a7051fad8d7
mpatch: avoid integer overflow in mpatch_decode (SEC)
diff -r 7f22ef3c0ee7 -r 59837a16896d mercurial/mpatch.c
--- a/mercurial/mpatch.c Mon Apr 30 22:20:13 2018 -0400
+++ b/mercurial/mpatch.c Mon Apr 30 22:23:06 2018 -0400
@@ -285,10 +285,15 @@
lt->start = getbe32(bin + pos);
lt->end = getbe32(bin + pos + 4);
lt->len = getbe32(bin + pos + 8);
- lt->data = bin + pos + 12;
- pos += 12 + lt->len;
- if (lt->start > lt->end || lt->len < 0)
+ if (lt->start < 0 || lt->start > lt->end || lt->len < 0)
break; /* sanity check */
+ if (!safeadd(12, &pos)) {
+ break;
+ }
+ lt->data = bin + pos;
+ if (!safeadd(lt->len, &pos)) {
+ break;
+ }
lt++;
}
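Review bot: The two `safeadd` calls in this hunk guard only against `pos` wrapping; nothing visible here confirms that the 12-byte header read by the three `getbe32` calls, or the `lt->len` bytes that `lt->data = bin + pos` now points at, lie inside the input buffer. The loop condition and any post-loop length comparison are outside the hunk, so this may already be covered there, but if it is not, the header reads need a remaining-length check before the first `getbe32`, and the fragment should be rejected when `lt->len` exceeds what is left after the header. The new `break` paths are also silent, unlike the existing `/* sanity check */`; I would annotate them, e.g. `break; /* header offset would overflow */` and `break; /* fragment length would overflow */`, and state in a comment that breaking out must end in the error path rather than a partially filled list. `safeadd` itself is defined outside the hunk, so whether it leaves `pos` untouched on failure is assumed here and worth documenting at its definition.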