Overview

File php-5.4.20-CVE-2014-3479.patch of Package php5.openSUSE_13.1_Update

X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Ffileinfo%2Flibmagic%2Fcdf.c;h=c9a5d50a35bae973cc01801a422c94f8ff9cd86d;hp=16649f193fbce5336369f30ce23cad3fd24f87aa;hb=5c9f96799961818944d43b22c241cc56c215c2e4;hpb=d02aa440909b7a20098ccc9d3820629a36037596

diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
index 16649f1..c9a5d50 100644
--- ext/fileinfo/libmagic/cdf.c
+++ ext/fileinfo/libmagic/cdf.c
@@ -277,13 +277,15 @@ cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h,
 {
 	const char *b = (const char *)sst->sst_tab;
 	const char *e = ((const char *)p) + tail;
+	size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ?
+	    CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h);
 	(void)&line;
-	if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len)
+	if (e >= b && (size_t)(e - b) <= ss * sst->sst_len)
 		return 0;
 	DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u"
 	    " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %"
 	    SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b),
-	    CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len));
+	    ss * sst->sst_len, ss, sst->sst_len));
 	errno = EFTYPE;
 	return -1;
 }
openSUSE Build Service is sponsored by
Places