php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-03 14:12:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check

Browse Source 
Upstream fix 6d209c1c48.patch
Only revelant part applied
This commit is contained in:
Remi Collet
2014-06-03 11:05:00 +02:00
committed by Stanislav Malyshev
parent 2326401fc1
commit 52de149ebc
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ext/fileinfo/libmagic/cdf.c
View File

@@ -365,10 +365,10 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs,
size_t ss = CDF_SHORT_SEC_SIZE(h);
size_t pos = CDF_SHORT_SEC_POS(h, id);
assert(ss == len);
if (pos > CDF_SEC_SIZE(h) * sst->sst_len) {
if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) {
DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %"
SIZE_T_FORMAT "u\n",
pos, CDF_SEC_SIZE(h) * sst->sst_len));
pos + len, CDF_SEC_SIZE(h) * sst->sst_len));
return -1;
}
(void)memcpy(((char *)buf) + offs,