commit eb35d814a71cef3007900867c20d881fcd173039 from: Omar Polo via: Thomas Adam date: Thu Jun 23 14:09:34 2022 UTC got patch: guard against invalid (negative) line offsets under normal circumstances got-read-patch can't send negative line offsets; that's not an excuse not to guard the main process from those as well. This makes sure we bail out early instead of trying to apply the diff.
commit - 9880a1ddc7243c136989370185f03cf6bdc29051
commit + eb35d814a71cef3007900867c20d881fcd173039
blob - 84db9fc5c2fd74c46922594d621a895ec6c3bfcd
blob + 46dfd0130236b332bf98cd8c4af93d819c28c9ee
--- lib/patch.c
+++ lib/patch.c
@@ -241,6 +241,10 @@ recv_patch(struct imsgbuf *ibuf, int *done, struct got
 memcpy(&hdr, imsg.data, sizeof(hdr));
 if ((h = calloc(1, sizeof(*h))) == NULL) {
 err = got_error_from_errno("calloc");
+ goto done;
+ }
+ if (h->old_from < 0 || h->new_from < 0) {
+ err = got_error(GOT_ERR_PRIVSEP_LEN);
 goto done;
 }
 h->old_from = hdr.oldfrom;
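Review bot: The added guard in recv_patch tests `h->old_from` and `h->new_from` right after `calloc`, before the following context line `h->old_from = hdr.oldfrom;` copies the received values in, so both fields are still zero and the check can never fire. A negative offset in the message from the helper process would therefore still reach the code that applies the hunk, which is the case the commit message sets out to reject. Validate the received header instead, before allocating: `if (hdr.oldfrom < 0 || hdr.newfrom < 0) { err = got_error(GOT_ERR_PRIVSEP_LEN); goto done; }` (`hdr.newfrom` is assumed by analogy with `hdr.oldfrom`; its assignment is outside the hunk). Checking before the `calloc` also avoids depending on the `done` label to release `h`, which is not visible here; the body of recv_patch starts and ends outside the hunk.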