From: Markus Koschany <apo@debian.org>
Date: Sat, 7 May 2016 15:13:04 +0200
Subject: CVE-2015-8865

A malformed magic file can trigger a segmentation fault due to a buffer
over-write in the file_check_mem function.

Origin: https://bugs.php.net/bug.php?id=71527 (Original bug report)
Origin: http://bugs.gw.com/view.php?id=522 (bug report for file)
Origin: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 (patch)
---
 src/funcs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/funcs.c b/src/funcs.c
index e7d2bb8..0ed90ef 100644
--- a/src/funcs.c
+++ b/src/funcs.c
@@ -410,7 +410,7 @@ file_check_mem(struct magic_set *ms, unsigned int level)
 	size_t len;
 
 	if (level >= ms->c.len) {
-		len = (ms->c.len += 20) * sizeof(*ms->c.li);
+		len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
 		ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
 		    malloc(len) :
 		    realloc(ms->c.li, len));