durin42 created this revision. Herald added a subscriber: mercurial-devel. Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
We shouldn't ever see those, and the fuzzer got really excited that if it gives us a 65k string with 55k slashes in it we use a lot of RAM. This is a better fix than what I tried in D7105 <https://phab.mercurial-scm.org/D7105>. It was suggested by Yuya, and I verified it does in fact cause the fuzzer to not OOM.

REPOSITORY
rHG Mercurial

REVISION DETAIL
https://phab.mercurial-scm.org/D7234

AFFECTED FILES
mercurial/cext/dirs.c

CHANGE DETAILS
diff --git a/mercurial/cext/dirs.c b/mercurial/cext/dirs.c --- a/mercurial/cext/dirs.c +++ b/mercurial/cext/dirs.c @@ -66,6 +66,11 @@ while ((pos = _finddir(cpath, pos - 1)) != -1) { PyObject *val; + // Sniff for trailing slashes, a marker of an invalid input. + if (cpath[pos] == '/') { + goto bail; + } + key = PyBytes_FromStringAndSize(cpath, pos); if (key == NULL) goto bail;

To: durin42, #hg-reviewers
Cc: mercurial-devel
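Review bot: The added test `if (cpath[pos] == '/')` looks at the byte at `pos` itself. The next line builds the key from the first `pos` bytes of `cpath`, so `pos` appears to be the index of the separator that `_finddir` just located. If so, the condition holds on every iteration and any path with a directory component takes the `goto bail`, not only malformed ones. To catch an empty component from consecutive slashes, check the byte before it and guard the index, e.g. `if (pos > 0 && cpath[pos - 1] == '/')`. The comment says "trailing slashes" while the check sits inside the per-directory loop, so it should name the case actually rejected. The new `goto bail` also sets no Python exception in the added lines; unless the `bail` label does so, callers will see an error return with no exception set, so add a `PyErr_SetString(PyExc_ValueError, ...)` before the jump. A test with a path containing `//` and one with a normal nested path would pin down both behaviours.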