My Alpine packages repository.
https://dryabzhinsky.noip.me/packages/en/alpinelinux-support/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.6 KiB
46 lines
1.6 KiB
diff --git a/src/ext/fileinfo/libmagic/funcs.c b/src/ext/fileinfo/libmagic/funcs.c |
|
index 011ca42..b976ac9 100644 |
|
--- a/ext/fileinfo/libmagic/funcs.c |
|
+++ b/ext/fileinfo/libmagic/funcs.c |
|
@@ -414,7 +414,7 @@ file_check_mem(struct magic_set *ms, unsigned int level) |
|
size_t len; |
|
|
|
if (level >= ms->c.len) { |
|
- len = (ms->c.len += 20) * sizeof(*ms->c.li); |
|
+ len = (ms->c.len = 20 + level) * sizeof(*ms->c.li); |
|
ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ? |
|
emalloc(len) : |
|
erealloc(ms->c.li, len)); |
|
diff --git a/src/ext/fileinfo/tests/bug71527.magic b/src/ext/fileinfo/tests/bug71527.magic |
|
new file mode 100644 |
|
index 0000000..14d7781 |
|
--- /dev/null |
|
+++ b/ext/fileinfo/tests/bug71527.magic |
|
@@ -0,0 +1 @@ |
|
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> |
|
\ No newline at end of file |
|
diff --git a/src/ext/fileinfo/tests/bug71527.phpt b/src/ext/fileinfo/tests/bug71527.phpt |
|
new file mode 100644 |
|
index 0000000..f5b1d86 |
|
--- /dev/null |
|
+++ b/ext/fileinfo/tests/bug71527.phpt |
|
@@ -0,0 +1,19 @@ |
|
+--TEST-- |
|
+Bug #71527 Buffer over-write in finfo_open with malformed magic file |
|
+--SKIPIF-- |
|
+<?php |
|
+if (!class_exists('finfo')) |
|
+ die('skip no fileinfo extension'); |
|
+--ENV-- |
|
+USE_ZEND_ALLOC=0 |
|
+--FILE-- |
|
+<?php |
|
+ $finfo = finfo_open(FILEINFO_NONE, dirname(__FILE__) . DIRECTORY_SEPARATOR . "bug71527.magic"); |
|
+ $info = finfo_file($finfo, __FILE__); |
|
+ var_dump($info); |
|
+?> |
|
+--EXPECTF-- |
|
+Warning: finfo_open(): Failed to load magic database at '%sbug71527.magic'. in %sbug71527.php on line %d |
|
+ |
|
+Warning: finfo_file() expects parameter 1 to be resource, boolean given in %sbug71527.php on line %d |
|
+bool(false)
|
|
|