php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-27 10:16:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.4'

Browse Source 
* PHP-7.4:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
This commit is contained in:
Stanislav Malyshev
2019-10-28 20:47:57 -07:00
parent c2f56d0546 53b1d76144
commit 39bf35ca87
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ext/fileinfo/libmagic/cdf.c
+3 -4
View File
@@ -995,8 +995,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
}
nelements = CDF_GETUINT32(q, 1);
if (nelements == 0) {
DPRINTF(("CDF_VECTOR with nelements == 0\n"));
if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
DPRINTF(("CDF_VECTOR with nelements == %"
SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@@ -1038,8 +1039,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
inp += nelem;
}
DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
ext/fileinfo/libmagic/cdf.h
+1
View File
@@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1