cherry-pick.FILE5_30-12-g77a7041f.prevent-reading-beyond-our-buffer-when-compacting-whitespace-oss-fuzz.patch 1.0 KB

  1. Subject: Prevent reading beyond our buffer when compacting whitespace (oss-fuzz)
  2. Origin: FILE5_30-12-g77a7041f
  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
  4. Date: Wed Mar 8 20:45:35 2017 +0000
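--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -1632,6 +1632,7 @@
 */
 const unsigned char *a = (const unsigned char *)s1;
 const unsigned char *b = (const unsigned char *)s2;
+ const unsigned char *eb = b + len;
 uint64_t v;
 /*
@@ -1646,6 +1647,10 @@
 }
 else { /* combine the others */
 while (len-- > 0) {
+ if (b >= eb) {
+ v = 1;
+ break;
+ }
 if ((flags & STRING_IGNORE_LOWERCASE) &&
 islower(*a)) {
 if ((v = tolower(*b++) - *a++) != '\0')
@@ -1661,7 +1666,7 @@
 a++;
 if (isspace(*b++)) {
 if (!isspace(*a))
- while (isspace(*b))
+ while (b < eb && isspace(*b))
 b++;
 }
 else {
@@ -1672,7 +1677,7 @@
 else if ((flags & STRING_COMPACT_OPTIONAL_WHITESPACE) &&
 isspace(*a)) {
 a++;
- while (isspace(*b))
+ while (b < eb && isspace(*b))
 b++;
 }
 else {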
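Review bot: The new bound `eb = b + len` in the first hunk is a real end-of-buffer only if every caller passes a `len` no larger than the bytes readable at `s2`. The function signature and its callers are outside these hunks, so that contract should be stated next to the declaration, e.g. `/* eb: one past the last byte of s2 we may read; callers must guarantee len readable bytes at s2 */`. The added guards bound only `b`: in the STRING_COMPACT_WHITESPACE branch the look-ahead `if (!isspace(*a))` runs right after `a++` and, on the final iteration, appears to read the byte at `s1[len]`, which is safe only if the pattern has a readable terminator there. If that is not guaranteed, the look-ahead needs its own end check; otherwise a one-line comment saying why it is safe would help the next reader.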