archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-19 08:49:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'PHP-5.4' into PHP-5.5

Browse source 
* PHP-5.4:
  NEWS
  Fix bug #67326	fileinfo: cdf_read_short_sector insufficient boundary check
This commit is contained in:
Remi Collet 2014-06-03 11:09:04 +02:00
commit 2d59b87527
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ext/fileinfo/libmagic/cdf.c
View file

@ -365,10 +365,10 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs,
size_t ss = CDF_SHORT_SEC_SIZE(h); size_t ss = CDF_SHORT_SEC_SIZE(h);
size_t pos = CDF_SHORT_SEC_POS(h, id); size_t pos = CDF_SHORT_SEC_POS(h, id);
assert(ss == len); assert(ss == len);
if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) {
DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %"
SIZE_T_FORMAT "u\n", SIZE_T_FORMAT "u\n",
pos, CDF_SEC_SIZE(h) * sst->sst_len)); pos + len, CDF_SEC_SIZE(h) * sst->sst_len));
return -1; return -1;
} }
(void)memcpy(((char *)buf) + offs, (void)memcpy(((char *)buf) + offs,