Diffstat (limited to 'php-bug67410.patch')
-rw-r--r-- | php-bug67410.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/php-bug67410.patch b/php-bug67410.patch
deleted file mode 100644
index 9e09d3a..0000000
--- a/php-bug67410.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From e77659a8c87272e5061738a31430d2111482c426 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@php.net>
-Date: Tue, 10 Jun 2014 14:02:36 +0200
-Subject: [PATCH] Fixed Bug #67410 fileinfo: mconvert incorrect handling of
- truncated pascal string size
-
-Upstream
-https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
----
- ext/fileinfo/libmagic/softmagic.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c
-index 21fea6b..01e4977 100644
---- a/ext/fileinfo/libmagic/softmagic.c
-+++ b/ext/fileinfo/libmagic/softmagic.c
-@@ -881,10 +881,18 @@ mconvert(struct magic_set *ms, struct magic *m, int flip)
- return 1;
- }
- case FILE_PSTRING: {
-- char *ptr1 = p->s, *ptr2 = ptr1 + file_pstring_length_size(m);
-+ size_t sz = file_pstring_length_size(m);
-+ char *ptr1 = p->s, *ptr2 = ptr1 + sz;
- size_t len = file_pstring_get_length(m, ptr1);
-- if (len >= sizeof(p->s))
-- len = sizeof(p->s) - 1;
-+ if (len >= sizeof(p->s)) {
-+ /*
-+ * The size of the pascal string length (sz)
-+ * is 1, 2, or 4. We need at least 1 byte for NUL
-+ * termination, but we've already truncated the
-+ * string by p->s, so we need to deduct sz.
-+ */
-+ len = sizeof(p->s) - sz;
-+ }
- while (len--)
- *ptr1++ = *ptr2++;
- *ptr1 = '\0';
----
-1.9.2
-
|