mirror of
https://github.com/php/php-src.git
synced 2024-09-23 19:07:26 +00:00
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5: NEWS NEWS Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check
This commit is contained in:
commit
1d6286c049
@ -277,13 +277,15 @@ cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h,
|
||||
{
|
||||
const char *b = (const char *)sst->sst_tab;
|
||||
const char *e = ((const char *)p) + tail;
|
||||
size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ?
|
||||
CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h);
|
||||
(void)&line;
|
||||
if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len)
|
||||
if (e >= b && (size_t)(e - b) <= ss * sst->sst_len)
|
||||
return 0;
|
||||
DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u"
|
||||
" > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %"
|
||||
SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b),
|
||||
CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len));
|
||||
ss * sst->sst_len, ss, sst->sst_len));
|
||||
errno = EFTYPE;
|
||||
return -1;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user