Subject: Avoid OOB read (found by ASAN reported by F. Alonso)
ID: CVE-2019-8906
Origin: FILE5_35-31-g2858eaf9 <https://github.com/file/file/commit/FILE5_35-31-g2858eaf9>
Upstream-Author: Christos Zoulas <christos@zoulas.com>
Date: Wed Jan 2 19:44:14 2019 +0000
Bug-Debian: https://bugs.debian.org/922969

--- a/src/readelf.c
+++ b/src/readelf.c
@@ -752,7 +752,7 @@
 			char sbuf[512];
 			struct NetBSD_elfcore_procinfo pi;
 			memset(&pi, 0, sizeof(pi));
-			memcpy(&pi, nbuf + doff, descsz);
+			memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
 
 			if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
 			    "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",