diff options
Diffstat (limited to 'php-bug67326.patch')
| -rw-r--r-- | php-bug67326.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/php-bug67326.patch b/php-bug67326.patch deleted file mode 100644 index 2e7b0b1..0000000 --- a/php-bug67326.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 4fcb9a9d1b1063a65fbeb27395de4979c75bd962 Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@php.net> -Date: Tue, 3 Jun 2014 11:05:00 +0200 -Subject: [PATCH] Fix bug #67326 fileinfo: cdf_read_short_sector insufficient - boundary check - -Upstream fix https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391.patch -Only revelant part applied ---- - ext/fileinfo/libmagic/cdf.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c -index 4712e84..16649f1 100644 ---- a/ext/fileinfo/libmagic/cdf.c -+++ b/ext/fileinfo/libmagic/cdf.c -@@ -365,10 +365,10 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, - size_t ss = CDF_SHORT_SEC_SIZE(h); - size_t pos = CDF_SHORT_SEC_POS(h, id); - assert(ss == len); -- if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { -+ if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) { - DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" - SIZE_T_FORMAT "u\n", -- pos, CDF_SEC_SIZE(h) * sst->sst_len)); -+ pos + len, CDF_SEC_SIZE(h) * sst->sst_len)); - return -1; - } - (void)memcpy(((char *)buf) + offs, --- -1.9.2 - |