mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-01 05:43:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix bug #68283: fileinfo: out-of-bounds read in elf note headers

Browse Source 
Upstream commit
39c7ac1106

CVE -2014-3710

(cherry picked from commit 1803228597)
This commit is contained in:
Remi Collet 2014-10-22 15:37:04 +02:00
parent 37d5a2b18f
commit 5b295bf191
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ext/fileinfo/libmagic/readelf.c
View File

@ -372,6 +372,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
uint32_t namesz, descsz;
unsigned char *nbuf = CAST(unsigned char *, vbuf);
if (xnh_sizeof + offset > size) {
/*
* We're out of note headers.
*/
return xnh_sizeof + offset;
}
(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
offset += xnh_sizeof;