1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
From 9217c8d8e3760a9747311727f49150af84f189a4 Mon Sep 17 00:00:00 2001
From: Remi Collet <rcollet@redhat.com>
Date: Tue, 29 Jul 2014 13:06:17 +0200
Subject: [PATCH] fix possible pointer overflow
Signed-off-by: Remi Collet <rcollet@redhat.com>
---
src/cdf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: php5-5.3.3/ext/fileinfo/libmagic/cdf.c
===================================================================
--- php5-5.3.3.orig/ext/fileinfo/libmagic/cdf.c 2014-09-29 09:18:46.000000000 +0200
+++ php5-5.3.3/ext/fileinfo/libmagic/cdf.c 2014-09-29 09:22:22.000000000 +0200
@@ -759,7 +759,7 @@
for (i = 0; i < sh.sh_properties; i++) {
q = (const uint32_t *)((const char *)p +
CDF_TOLE4(p[(i << 1) + 1])) - 2;
- if (q > e) {
+ if (q < p || q > e) {
DPRINTF(("Ran of the end %p > %p\n", q, e));
goto out;
}
|
