mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-29 12:53:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.2' into PHP-7.3

Browse Source 
* PHP-7.2:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
This commit is contained in:
Stanislav Malyshev 2019-10-28 20:47:44 -07:00
commit 8c2b3b0568
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ext/fileinfo/libmagic/cdf.c
View File

@ -989,8 +989,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
}
nelements = CDF_GETUINT32(q, 1);
if (nelements == 0) {
DPRINTF(("CDF_VECTOR with nelements == 0\n"));
if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
DPRINTF(("CDF_VECTOR with nelements == %"
SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@ -1032,8 +1033,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
inp += nelem;
}
DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{

1
ext/fileinfo/libmagic/cdf.h
View File

@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1