HomePhabricator

linelog: fix infinite loop vulnerability

Authored by quark.

Description

linelog: fix infinite loop vulnerability

Checking len(lines) is not a great way of detecting infinite loops, as
demonstrated in the added test. Therefore check instruction count instead.

The original C implementation does not have this problem. There are a few
other places where the C implementation enforces more strictly, like
a1 <= a2, b1 <= b2, rev > 0. But they are optional.

Test Plan:
Add a test. The old code forces the test to time out.

Differential Revision: https://phab.mercurial-scm.org/D4151

Details

Committed
quarkAug 7 2018, 1:24 AM
Differential Revision
D4151: linelog: fix infinite loop vulnerability
Parents
rHG35180ade80c1: tests: fix bytes/str issues in run-tests.py caught by python3
Branches
Unknown
Tags
Unknown