From 6713ca45e7757297381f4b4cdb9cf5e624a9ad36 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Wed, 3 Jun 2015 18:01:20 +0000
Subject: [PATCH] PR/454: Fix memory corruption when the continuation level
jumps by more than 20 in a single step.
---
src/funcs.c | 2 +-
1 file changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/funcs.c b/src/funcs.c
index 7ce431e..b7160cc 100644
--- a/src/funcs.c
+++ b/src/funcs.c
@@ -416,7 +416,7 @@ file_check_mem(struct magic_set *ms, unsigned int level)
size_t len;
if (level >= ms->c.len) {
- len = (ms->c.len += 20) * sizeof(*ms->c.li);
+ len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
malloc(len) :
realloc(ms->c.li, len));
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
dbc67f14e551a046d1049c37d04d52ff
>
files
>
16
