cherry-pick.FILE5_36-1-gecca6e54.fix-casts-and-bounds-check-found-by-oss-fuzz.patch 1.1 KB

  1. Subject: Fix casts and bounds check (found by oss-fuzz)
  2. Origin: FILE5_36-1-gecca6e54 <https://github.com/file/file/commit/FILE5_36-1-gecca6e54>
  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
  4. Date: Wed Feb 20 16:15:47 2019 +0000
  5. --- a/src/encoding.c
  6. +++ b/src/encoding.c
  7. @@ -442,9 +442,9 @@
  8. /* XXX fix to properly handle chars > 65536 */
  9. if (bigend)
  10. - ubf[(*ulen)++] = bf[i + 1] + 256 * bf[i];
  11. + ubf[(*ulen)++] = bf[i + 1] + (bf[i] << 8);
  12. else
  13. - ubf[(*ulen)++] = bf[i] + 256 * bf[i + 1];
  14. + ubf[(*ulen)++] = bf[i] + (bf[i + 1] << 8);
  15. if (ubf[*ulen - 1] == 0xfffe)
  16. return 0;
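Review bot: The two new 16-bit assignments combine the bytes with `+` and an uncast shift, while the 32-bit loop later in this patch uses `|` and `CAST(unichar, …)`; writing them as `ubf[(*ulen)++] = bf[i + 1] | (bf[i] << 8);` and `ubf[(*ulen)++] = bf[i] | (bf[i + 1] << 8);` would keep the two decoders consistent. The shift by 8 is safe provided bf holds unsigned bytes (its declaration is outside the hunk), but in the 32-bit hunk `CAST(unichar, bf[i] << 24)` applies the cast only after the shift, so a byte of 0x80 or above would presumably still be shifted as a promoted int; `CAST(unichar, bf[i]) << 24` widens the operand first. The loop that bounds the `bf[i + 1]` read starts outside this hunk, so its condition should be confirmed to guarantee `i + 1 < nbytes`, in the same way the patch corrects the 32-bit loop to `i + 3 < nbytes`.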
  17. @@ -475,15 +475,17 @@
  18. *ulen = 0;
  19. - for (i = 4; i + 1 < nbytes; i += 4) {
  20. + for (i = 4; i + 3 < nbytes; i += 4) {
  21. /* XXX fix to properly handle chars > 65536 */
  22. if (bigend)
  23. ubf[(*ulen)++] = bf[i + 3] | (bf[i + 2] << 8)
  24. - | (bf[i + 1] << 16) | bf[i] << 24;
  25. + | (bf[i + 1] << 16)
  26. + | CAST(unichar, bf[i] << 24);
  27. else
  28. ubf[(*ulen)++] = bf[i] | (bf[i + 1] << 8)
  29. - | (bf[i + 2] << 16) | (bf[i + 3] << 24);
  30. + | (bf[i + 2] << 16)
  31. + | CAST(unichar, bf[i + 3] << 24);
  32. if (ubf[*ulen - 1] == 0xfffe)
  33. return 0;