
file-5.16-1.6.mga4.src.rpm

From 447558595a3650db2886cd2f416ad0beba965801 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Wed, 8 Jan 2014 22:22:54 +0000
Subject: [PATCH] PR/313: Aaron Reffett: Check properly for exceeding the
 offset.

---
 src/softmagic.c | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/src/softmagic.c b/src/softmagic.c
index ec71364..ac9c18b 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -71,6 +71,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 private void cvt_32(union VALUETYPE *, const struct magic *);
 private void cvt_64(union VALUETYPE *, const struct magic *);
 
+#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) >= ((n) - (o)))
 /*
  * softmagic - lookup one file in parsed, in-memory copy of database
  * Passed the name and FILE * of one file to be typed.
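Review bot: The new macro is stricter by one than the comparisons it replaces: `(i) >= ((n) - (o))` rejects a value that ends exactly at nbytes, whereas the old `nbytes < (offset + 4)` accepted offset + 4 == nbytes, so a 4-byte buffer holding a FILE_LONG at offset 0 no longer matches. Since the `(n) < (o)` term already guarantees the subtraction cannot wrap for unsigned operands, the strict form `#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))` keeps the overflow-safe shape of the check while preserving the old bounds. The same applies to every OFFSET_OOB use in the following hunks (FILE_BYTE through FILE_USE); in the FILE_REGEX, FILE_INDIRECT and FILE_USE cases, where i is 0, the current form additionally rejects offset == nbytes, which the replaced `nbytes < offset` allowed. A one-line comment above the macro, `/* true when the i bytes at offset o do not fit in a buffer of n bytes; n and o are unsigned, so n < o is tested before subtracting */`, would record why the subtraction is ordered this way.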
@@ -1223,7 +1224,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 		}
 		switch (in_type = cvt_flip(m->in_type, flip)) {
 		case FILE_BYTE:
-			if (nbytes < offset || nbytes < (offset + 1))
+			if (OFFSET_OOB(nbytes, offset, 1))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1258,7 +1259,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 				offset = ~offset;
 			break;
 		case FILE_BESHORT:
-			if (nbytes < offset || nbytes < (offset + 2))
+			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1310,7 +1311,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 				offset = ~offset;
 			break;
 		case FILE_LESHORT:
-			if (nbytes < offset || nbytes < (offset + 2))
+			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1362,7 +1363,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 				offset = ~offset;
 			break;
 		case FILE_SHORT:
-			if (nbytes < offset || nbytes < (offset + 2))
+			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1399,7 +1400,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 			break;
 		case FILE_BELONG:
 		case FILE_BEID3:
-			if (nbytes < offset || nbytes < (offset + 4))
+			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1470,7 +1471,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 			break;
 		case FILE_LELONG:
 		case FILE_LEID3:
-			if (nbytes < offset || nbytes < (offset + 4))
+			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1540,7 +1541,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 				offset = ~offset;
 			break;
 		case FILE_MELONG:
-			if (nbytes < offset || nbytes < (offset + 4))
+			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1610,7 +1611,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 				offset = ~offset;
 			break;
 		case FILE_LONG:
-			if (nbytes < offset || nbytes < (offset + 4))
+			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1687,14 +1688,14 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 	/* Verify we have enough data to match magic type */
 	switch (m->type) {
 	case FILE_BYTE:
-		if (nbytes < (offset + 1)) /* should alway be true */
+		if (OFFSET_OOB(nbytes, offset, 1))
 			return 0;
 		break;
 
 	case FILE_SHORT:
 	case FILE_BESHORT:
 	case FILE_LESHORT:
-		if (nbytes < (offset + 2))
+		if (OFFSET_OOB(nbytes, offset, 2))
 			return 0;
 		break;
 
@@ -1713,33 +1714,31 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 	case FILE_FLOAT:
 	case FILE_BEFLOAT:
 	case FILE_LEFLOAT:
-		if (nbytes < (offset + 4))
+		if (OFFSET_OOB(nbytes, offset, 4))
 			return 0;
 		break;
 
 	case FILE_DOUBLE:
 	case FILE_BEDOUBLE:
 	case FILE_LEDOUBLE:
-		if (nbytes < (offset + 8))
+		if (OFFSET_OOB(nbytes, offset, 8))
 			return 0;
 		break;
 
 	case FILE_STRING:
 	case FILE_PSTRING:
 	case FILE_SEARCH:
-		if (nbytes < (offset + m->vallen))
+		if (OFFSET_OOB(nbytes, offset, m->vallen))
 			return 0;
 		break;
 
 	case FILE_REGEX:
-		if (nbytes < offset)
+		if (OFFSET_OOB(nbytes, offset, 0))
 			return 0;
 		break;
 
 	case FILE_INDIRECT:
-		if (offset == 0)
-			return 0;
-		if (nbytes < offset)
+		if (OFFSET_OOB(nbytes, offset, 0))
 			return 0;
 		sbuf = ms->o.buf;
 		soffset = ms->offset;
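Review bot: The FILE_INDIRECT case also loses its `if (offset == 0) return 0;` early return, which is a behaviour change beyond the bounds check the subject describes and is not mentioned in the commit message. If rejecting an indirect magic at offset 0 is no longer wanted, a sentence in the commit message saying why would help the next reader; otherwise that line should stay ahead of the new OFFSET_OOB test. The enclosing function continues outside the hunk.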
@@ -1761,7 +1762,7 @@ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
 		return rv;
 
 	case FILE_USE:
-		if (nbytes < offset)
+		if (OFFSET_OOB(nbytes, offset, 0))
 			return 0;
 		sbuf = m->value.s;
 		if (*sbuf == '^') {
-- 
1.8.5.5