git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: 812165b29e
Branches Tags
file
/
debian
/
patches
/
cherry-pick.FILE5_35-49-g3a6f62e2.fix-indirect-offset-overflow-calculation-b.patch

cherry-pick.FILE5_35-49-g3a6f62e2.fix-indirect-offset-overflow-calculation-b.patch 1.9 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. Subject: Fix indirect offset overflow calculation (B. Watson)
    2. 

  2. Origin: FILE5_35-49-g3a6f62e2 <https://github.com/file/file/commit/FILE5_35-49-g3a6f62e2>
    3. 

  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Thu Feb 14 00:25:59 2019 +0000
    5. 

  5. 

  6. --- a/src/softmagic.c
    7. 

  7. +++ b/src/softmagic.c
    8. 

  8. @@ -1528,39 +1528,57 @@
    9. 

  9.  		if (m->in_op & FILE_OPINDIRECT) {
    10. 

  10.  			const union VALUETYPE *q = CAST(const union VALUETYPE *,
    11. 

  11.  			    ((const void *)(s + offset + off)));
    12. 

  12. -			if (OFFSET_OOB(nbytes, offset + off, sizeof(*q)))
    13. 

  13. -				return 0;
    14. 

  14.  			switch (cvt_flip(m->in_type, flip)) {
    15. 

  15.  			case FILE_BYTE:
    16. 

  16. +				if (OFFSET_OOB(nbytes, offset + off, 1))
    17. 

  17. +					return 0;
    18. 

  18.  				off = SEXT(sgn,8,q->b);
    19. 

  19.  				break;
    20. 

  20.  			case FILE_SHORT:
    21. 

  21. +				if (OFFSET_OOB(nbytes, offset + off, 2))
    22. 

  22. +					return 0;
    23. 

  23.  				off = SEXT(sgn,16,q->h);
    24. 

  24.  				break;
    25. 

  25.  			case FILE_BESHORT:
    26. 

  26. +				if (OFFSET_OOB(nbytes, offset + off, 2))
    27. 

  27. +					return 0;
    28. 

  28.  				off = SEXT(sgn,16,BE16(q));
    29. 

  29.  				break;
    30. 

  30.  			case FILE_LESHORT:
    31. 

  31. +				if (OFFSET_OOB(nbytes, offset + off, 2))
    32. 

  32. +					return 0;
    33. 

  33.  				off = SEXT(sgn,16,LE16(q));
    34. 

  34.  				break;
    35. 

  35.  			case FILE_LONG:
    36. 

  36. +				if (OFFSET_OOB(nbytes, offset + off, 4))
    37. 

  37. +					return 0;
    38. 

  38.  				off = SEXT(sgn,32,q->l);
    39. 

  39.  				break;
    40. 

  40.  			case FILE_BELONG:
    41. 

  41.  			case FILE_BEID3:
    42. 

  42. +				if (OFFSET_OOB(nbytes, offset + off, 4))
    43. 

  43. +					return 0;
    44. 

  44.  				off = SEXT(sgn,32,BE32(q));
    45. 

  45.  				break;
    46. 

  46.  			case FILE_LEID3:
    47. 

  47.  			case FILE_LELONG:
    48. 

  48. +				if (OFFSET_OOB(nbytes, offset + off, 4))
    49. 

  49. +					return 0;
    50. 

  50.  				off = SEXT(sgn,32,LE32(q));
    51. 

  51.  				break;
    52. 

  52.  			case FILE_MELONG:
    53. 

  53. +				if (OFFSET_OOB(nbytes, offset + off, 4))
    54. 

  54. +					return 0;
    55. 

  55.  				off = SEXT(sgn,32,ME32(q));
    56. 

  56.  				break;
    57. 

  57.  			case FILE_BEQUAD:
    58. 

  58. +				if (OFFSET_OOB(nbytes, offset + off, 8))
    59. 

  59. +					return 0;
    60. 

  60.  				off = SEXT(sgn,64,BE64(q));
    61. 

  61.  				break;
    62. 

  62.  			case FILE_LEQUAD:
    63. 

  63. +				if (OFFSET_OOB(nbytes, offset + off, 8))
    64. 

  64. +					return 0;
    65. 

  65.  				off = SEXT(sgn,64,LE64(q));
    66. 

  66.  				break;
    67. 

  67.  			default:
    68.