Fossil SCM
Manifest parsing does not validate sort order
15d04de574383d6…
· opened 5 years, 2 months ago
- Type: Code_Defect
- Priority: Immediate
- Severity: Critical
- Resolution: Fixed
- Subsystem: —
- Created: Feb. 10, 2021 11:16 p.m.
manifest_parse() is not properly validating the sort order of its cards. Certain cards, namely F-cards and T-cards, handle their own sort checks, but the overall "is the current card equal to or greater than the previous one" precondition is not being properly tested.
Discovered in , and it's currently unknown how far back that error goes. It was discovered in the context of technote edits, as detailed in:
https://fossil-scm.org/forum/forumpost/74fd8dac3a
A basic minimal fix was checked in to , but implementing it will mean that the invalid control artifacts which were previously allowed through will be invalidated (ignored as artifacts) after the next rebuild if that fix is employed. Insofar as we currently know, edited technotes are the only artifacts affected.
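The precondition quoted in the ticket, as an added example that is not Fossil's own code: a stand-alone checker for "the current card is equal to or greater than the previous one" that reports the first line breaking it. The function name `first_misordered_card` and both sample manifests are constructed for illustration, and only the card-type letter is compared, which is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples, not real artifacts: hashes and checksums are placeholders. */
const char zOrdered[] =
  "C edited\\snote\n"
  "D 2021-02-10T23:16:00.000\n"
  "E 2021-02-10T23:16:00 PLACEHOLDER_ID\n"
  "T +bgcolor * #c0ffc0\n"
  "T +sym-release *\n"      /* repeated type letter: equal is allowed */
  "U someuser\n"
  "Z PLACEHOLDER_CHECKSUM\n";
const char zMisordered[] =
  "D 2021-02-10T23:16:00.000\n"
  "C edited\\snote\n"       /* 'C' after 'D' breaks the precondition */
  "E 2021-02-10T23:16:00 PLACEHOLDER_ID\n"
  "U someuser\n"
  "Z PLACEHOLDER_CHECKSUM\n";

/*
** Return 0 if every card's type letter is >= the previous card's,
** the 1-based line number of the first card that sorts too early,
** or -1 if a line is not "<upper-case letter><space or newline>..."
** terminated by a newline.
*/
int first_misordered_card(const char *z){
  char prev = 0;
  int line = 0;
  while( *z ){
    const char *eol = strchr(z, '\n');
    char type = z[0];
    line++;
    if( eol==0 ) return -1;                    /* unterminated card */
    if( type<'A' || type>'Z' ) return -1;      /* not a card letter */
    if( z[1]!=' ' && z[1]!='\n' ) return -1;   /* letter must stand alone */
    if( type<prev ) return line;               /* the overall sort check */
    prev = type;
    z = eol+1;
  }
  return 0;
}

int main(void){
  printf("ordered sample:    %d\n", first_misordered_card(zOrdered));
  printf("misordered sample: %d\n", first_misordered_card(zMisordered));
  return 0;
}
```

A parser that performs per-card-type checks only, as the ticket describes for F-cards and T-cards, would accept the second sample; the cross-card comparison is what rejects it.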