
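--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -61,6 +61,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
 private void cvt_32(union VALUETYPE *, const struct magic *);
 private void cvt_64(union VALUETYPE *, const struct magic *);
 
+#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) > ((n) - (o)))
 /*
  * softmagic - lookup one file in parsed, in-memory copy of database
  * Passed the name and FILE * of one file to be typed.
@@ -1081,7 +1082,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 		}
 		switch (m->in_type) {
 		case FILE_BYTE:
-			if (nbytes < (offset + 1))
+			if (OFFSET_OOB(nbytes, offset, 1))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1116,7 +1117,8 @@ mget(struct magic_set *ms, const unsigned char *s,
 				offset = ~offset;
 			break;
 		case FILE_BESHORT:
-			if (nbytes < (offset + 2))
+			
+			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1168,7 +1170,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 				offset = ~offset;
 			break;
 		case FILE_LESHORT:
-			if (nbytes < (offset + 2))
+			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1220,7 +1222,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 				offset = ~offset;
 			break;
 		case FILE_SHORT:
-			if (nbytes < (offset + 2))
+			if (OFFSET_OOB(nbytes, offset, 2))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1257,7 +1259,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 			break;
 		case FILE_BELONG:
 		case FILE_BEID3:
-			if (nbytes < (offset + 4))
+			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1328,7 +1330,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 			break;
 		case FILE_LELONG:
 		case FILE_LEID3:
-			if (nbytes < (offset + 4))
+			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1398,7 +1400,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 				offset = ~offset;
 			break;
 		case FILE_MELONG:
-			if (nbytes < (offset + 4))
+			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1468,7 +1470,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 				offset = ~offset;
 			break;
 		case FILE_LONG:
-			if (nbytes < (offset + 4))
+			if (OFFSET_OOB(nbytes, offset, 4))
 				return 0;
 			if (off) {
 				switch (m->in_op & FILE_OPS_MASK) {
@@ -1535,14 +1537,14 @@ mget(struct magic_set *ms, const unsigned char *s,
 	/* Verify we have enough data to match magic type */
 	switch (m->type) {
 	case FILE_BYTE:
-		if (nbytes < (offset + 1)) /* should alway be true */
+		if (OFFSET_OOB(nbytes, offset, 1))
 			return 0;
 		break;
 
 	case FILE_SHORT:
 	case FILE_BESHORT:
 	case FILE_LESHORT:
-		if (nbytes < (offset + 2))
+		if (OFFSET_OOB(nbytes, offset, 2))
 			return 0;
 		break;
 
@@ -1561,26 +1563,26 @@ mget(struct magic_set *ms, const unsigned char *s,
 	case FILE_FLOAT:
 	case FILE_BEFLOAT:
 	case FILE_LEFLOAT:
-		if (nbytes < (offset + 4))
+		if (OFFSET_OOB(nbytes, offset, 4))
 			return 0;
 		break;
 
 	case FILE_DOUBLE:
 	case FILE_BEDOUBLE:
 	case FILE_LEDOUBLE:
-		if (nbytes < (offset + 8))
+		if (OFFSET_OOB(nbytes, offset, 8))
 			return 0;
 		break;
 
 	case FILE_STRING:
 	case FILE_PSTRING:
 	case FILE_SEARCH:
-		if (nbytes < (offset + m->vallen))
+		if (OFFSET_OOB(nbytes, offset, m->vallen))
 			return 0;
 		break;
 
 	case FILE_REGEX:
-		if (nbytes < offset)
+		if (OFFSET_OOB(nbytes, offset, 0))
 			return 0;
 		break;
 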
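Review bot: The new `OFFSET_OOB` macro in the first hunk carries no comment explaining why it is written as a subtraction instead of the obvious `(o) + (i) > (n)`; the subtraction form is the whole point of the change, since it cannot wrap where the replaced `offset + 1` style checks could, and without a note a later cleanup may fold it back into the addition. Suggested comment directly above the `#define`: `/* true if [o, o+i) does not fit in n bytes; compares by subtraction so o + i cannot wrap around on a large offset */`. The macro also relies on `n` and `o` being unsigned and on the first disjunct short-circuiting before `(n) - (o)` can underflow; the declarations of `nbytes` and `offset` are outside these hunks, so that assumption should be confirmed against mget's prototype. Separately, the FILE_BESHORT hunk (old line 1119) introduces a whitespace-only line of three tabs at new line 1120 just before `if (OFFSET_OOB(nbytes, offset, 2))`, which should be dropped. mget begins and ends outside the hunks shown here.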
