clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 18:07:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.3' into PHP-7.4

Browse Source 
* PHP-7.3:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
This commit is contained in:
Stanislav Malyshev 2019-10-28 20:47:50 -07:00
commit 53b1d76144
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ext/fileinfo/libmagic/cdf.c
View File

@ -995,8 +995,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
}
nelements = CDF_GETUINT32(q, 1);
if (nelements == 0) {
DPRINTF(("CDF_VECTOR with nelements == 0\n"));
if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
DPRINTF(("CDF_VECTOR with nelements == %"
SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@ -1038,8 +1039,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
inp += nelem;
}
DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{

1
ext/fileinfo/libmagic/cdf.h
View File

@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1