From 9217c8d8e3760a9747311727f49150af84f189a4 Mon Sep 17 00:00:00 2001
From: Remi Collet <rcollet@redhat.com>
Date: Tue, 29 Jul 2014 13:06:17 +0200
Subject: [PATCH] fix possible pointer overflow

Signed-off-by: Remi Collet <rcollet@redhat.com>
---
 src/cdf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: php5-5.3.3/ext/fileinfo/libmagic/cdf.c
===================================================================
--- php5-5.3.3.orig/ext/fileinfo/libmagic/cdf.c	2014-09-29 09:18:46.000000000 +0200
+++ php5-5.3.3/ext/fileinfo/libmagic/cdf.c	2014-09-29 09:22:22.000000000 +0200
@@ -759,7 +759,7 @@
 	for (i = 0; i < sh.sh_properties; i++) {
 		q = (const uint32_t *)((const char *)p +
 		    CDF_TOLE4(p[(i << 1) + 1])) - 2;
-		if (q > e) {
+		if (q < p || q > e) {
 			DPRINTF(("Ran of the end %p > %p\n", q, e));
 			goto out;
 		}