commit 71393b5c7fb0a8cff0c8fd7890c3954e3f3a9599
from: Omar Polo <op@omarpolo.com>
date: Tue Jun 14 08:10:55 2022 UTC

got patch: guard against invalid (negative) line offsets

under normal circumstances got-read-patch can't send negative line
offsets; that's not an excuse not to guard the main process from those
as well.

This makes sure we bail out early instead of trying to apply the diff.

commit - 0e07a2a181ad1663e726597758495e6b8010ba97
commit + 71393b5c7fb0a8cff0c8fd7890c3954e3f3a9599
blob - 4fe451ef47f5e8e2b15b5050994c294162827d96
blob + ba8b3d3062d617cc43cb3864675177c5e6a566b6
--- lib/patch.c
+++ lib/patch.c
@@ -244,6 +244,10 @@ recv_patch(struct imsgbuf *ibuf, int *done, struct got
 			memcpy(&hdr, imsg.data, sizeof(hdr));
 			if ((h = calloc(1, sizeof(*h))) == NULL) {
 				err = got_error_from_errno("calloc");
+				goto done;
+			}
+			if (h->old_from < 0 || h->new_from < 0) {
+				err = got_error(GOT_ERR_PRIVSEP_LEN);
 				goto done;
 			}
 			h->old_from = hdr.oldfrom;