archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-19 08:49:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'PHP-5.4' into PHP-5.5

Browse source 
* PHP-5.4:
  NEWS
  Fixed Bug #67413 	fileinfo: cdf_read_property_info insufficient boundary chec
This commit is contained in:
Remi Collet 2014-06-10 14:35:23 +02:00
commit 12a62ce868
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ext/fileinfo/libmagic/cdf.c
View file

@ -812,7 +812,11 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1)
goto out; goto out;
for (i = 0; i < sh.sh_properties; i++) { for (i = 0; i < sh.sh_properties; i++) {
size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); size_t ofs, tail = (i << 1) + 1;
if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t),
__LINE__) == -1)
goto out;
ofs = CDF_GETUINT32(p, tail);
q = (const uint8_t *)(const void *) q = (const uint8_t *)(const void *)
((const char *)(const void *)p + ofs ((const char *)(const void *)p + ofs
- 2 * sizeof(uint32_t)); - 2 * sizeof(uint32_t));