Re: [PATCH 4 of 4 V2] sparse-revlog: protect C code against delta chain including nullrev

2018-12-15 Thread Yuya Nishihara 
On Sat, 15 Dec 2018 15:10:56 +, Boris Feld wrote:
> # HG changeset patch
> # User Boris Feld 
> # Date 1544804741 -3600
> #  Fri Dec 14 17:25:41 2018 +0100
> # Node ID e7d33dc28696a1b2ee951cb82fe2cd611037afc8
> # Parent  36c68746763d6b93b00c19387e79bd9cb623da72
> # EXP-Topic sparse-followup
> # Available At https://bitbucket.org/octobus/mercurial-devel/
> #  hg pull https://bitbucket.org/octobus/mercurial-devel/ -r 
> e7d33dc28696
> sparse-revlog: protect C code against delta chain including nullrev
> 
> For unclear reasons, some repositories include nullrev (-1). Re-computing
> delta for such repo remove nullrev from all chain, so some older versions have
> been creating them.
> 
> This currently raise an IndexError with the new C code doing chain slicing as
> it expect all item to be positive.
> 
> Both python and C code for reading delta chain preserve nullrev, and the 
> Python
> code for chain slicing handle the case fine. So we take the safe route and 
> make
> the new C code works fine in that case.
> 
> diff --git a/mercurial/cext/revlog.c b/mercurial/cext/revlog.c
> --- a/mercurial/cext/revlog.c
> +++ b/mercurial/cext/revlog.c
> @@ -1195,7 +1195,7 @@ static PyObject *index_slicechunktodensi
>   if (revnum == -1 && PyErr_Occurred()) {
>   goto bail;
>   }
> - if (revnum < 0 || revnum >= idxlen) {
> + if (revnum < -1 || revnum >= idxlen) {

s/-1/nullrev/ in flight.

As a follow up, please add tests where nullrev is involved. We have bad
history of buffer overflow in C.
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

[PATCH 4 of 4 V2] sparse-revlog: protect C code against delta chain including nullrev

2018-12-15 Thread Boris Feld 
# HG changeset patch
# User Boris Feld 
# Date 1544804741 -3600
#  Fri Dec 14 17:25:41 2018 +0100
# Node ID e7d33dc28696a1b2ee951cb82fe2cd611037afc8
# Parent  36c68746763d6b93b00c19387e79bd9cb623da72
# EXP-Topic sparse-followup
# Available At https://bitbucket.org/octobus/mercurial-devel/
#  hg pull https://bitbucket.org/octobus/mercurial-devel/ -r 
e7d33dc28696
sparse-revlog: protect C code against delta chain including nullrev

For unclear reasons, some repositories include nullrev (-1). Re-computing
delta for such repo remove nullrev from all chain, so some older versions have
been creating them.

This currently raise an IndexError with the new C code doing chain slicing as
it expect all item to be positive.

Both python and C code for reading delta chain preserve nullrev, and the Python
code for chain slicing handle the case fine. So we take the safe route and make
the new C code works fine in that case.

diff --git a/mercurial/cext/revlog.c b/mercurial/cext/revlog.c
--- a/mercurial/cext/revlog.c
+++ b/mercurial/cext/revlog.c
@@ -1195,7 +1195,7 @@ static PyObject *index_slicechunktodensi
if (revnum == -1 && PyErr_Occurred()) {
goto bail;
}
-   if (revnum < 0 || revnum >= idxlen) {
+   if (revnum < -1 || revnum >= idxlen) {
PyErr_Format(PyExc_IndexError,
 "index out of range: %zd", revnum);
goto bail;
___
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel