1 diff --git a/src/softmagic.c b/src/softmagic.c
2 index 1f02fec..58a1cf7 100644
3 --- a/ext/fileinfo/libmagic/softmagic.c
4 +++ b/ext/fileinfo/libmagic/softmagic.c
5 @@ -87,6 +87,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
6 private void cvt_32(union VALUETYPE *, const struct magic *);
7 private void cvt_64(union VALUETYPE *, const struct magic *);
9 +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))
11 * softmagic - lookup one file in parsed, in-memory copy of database
12 * Passed the name and FILE * of one file to be typed.
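Review bot: The new `OFFSET_OOB` macro has no comment saying why the bound is written as a subtraction, and it expands `n` and `o` twice. A short comment above it, such as `/* true if i bytes at offset o do not fit in n bytes; written as n - o so that o + i cannot wrap */`, would stop a later cleanup from restoring the `nbytes < (offset + N)` form that the later hunks remove. Every call site visible in this diff passes plain variables, so the double evaluation is harmless today, but a file-local inline function taking `size_t` arguments would remove that hazard and make the operand types explicit. The test is only correct when all three operands are unsigned, and the declaration of `nbytes` is outside this hunk, so that should be confirmed.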
13 @@ -1065,6 +1066,7 @@ mget(struct magic_set *ms, const unsigned char *s,
15 uint32_t offset = ms->offset;
16 uint32_t count = m->str_range;
18 union VALUETYPE *p = &ms->ms_value;
20 if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1)
21 @@ -1116,7 +1118,7 @@ mget(struct magic_set *ms, const unsigned char *s,
25 - if (nbytes < (offset + 1))
26 + if (OFFSET_OOB(nbytes, offset, 1))
29 switch (m->in_op & FILE_OPS_MASK) {
30 @@ -1151,111 +1153,79 @@ mget(struct magic_set *ms, const unsigned char *s,
34 - if (nbytes < (offset + 2))
35 + if (OFFSET_OOB(nbytes, offset, 2))
37 + lhs = (p->hs[0] << 8) | p->hs[1];
39 switch (m->in_op & FILE_OPS_MASK) {
41 - offset = (short)((p->hs[0]<<8)|
47 - offset = (short)((p->hs[0]<<8)|
53 - offset = (short)((p->hs[0]<<8)|
59 - offset = (short)((p->hs[0]<<8)|
65 - offset = (short)((p->hs[0]<<8)|
71 - offset = (short)((p->hs[0]<<8)|
77 - offset = (short)((p->hs[0]<<8)|
83 - offset = (short)((p->hs[0]<<8)|
90 - offset = (short)((p->hs[0]<<8)|
93 if (m->in_op & FILE_OPINVERSE)
97 - if (nbytes < (offset + 2))
98 + if (OFFSET_OOB(nbytes, offset, 2))
100 + lhs = (p->hs[1] << 8) | p->hs[0];
102 switch (m->in_op & FILE_OPS_MASK) {
104 - offset = (short)((p->hs[1]<<8)|
107 + offset = lhs & off;
110 - offset = (short)((p->hs[1]<<8)|
113 + offset = lhs | off;
116 - offset = (short)((p->hs[1]<<8)|
119 + offset = lhs ^ off;
122 - offset = (short)((p->hs[1]<<8)|
125 + offset = lhs + off;
128 - offset = (short)((p->hs[1]<<8)|
131 + offset = lhs - off;
133 case FILE_OPMULTIPLY:
134 - offset = (short)((p->hs[1]<<8)|
137 + offset = lhs * off;
140 - offset = (short)((p->hs[1]<<8)|
143 + offset = lhs / off;
146 - offset = (short)((p->hs[1]<<8)|
149 + offset = lhs % off;
153 - offset = (short)((p->hs[1]<<8)|
156 if (m->in_op & FILE_OPINVERSE)
160 - if (nbytes < (offset + 2))
161 + if (OFFSET_OOB(nbytes, offset, 2))
164 switch (m->in_op & FILE_OPS_MASK) {
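Review bot: Dropping the `(short)` cast where `lhs` is assembled from `p->hs[]` (both byte orders in this hunk) changes how a 16-bit value with the top bit set is treated: the removed lines sign-extended it before applying `off`, the new ones do not. The declaration of `lhs` is not visible here, so this assumes it is an unsigned 32-bit variable; if so the change is probably intended, because the value now stays within 0..65535 instead of becoming a very large `offset`. A one-line comment at the first assignment, e.g. `/* unsigned on purpose: the old (short) cast sign-extended the value */`, would record that for anyone comparing magic-file behaviour before and after. The `lhs / off` and `lhs % off` cases rely on a zero check on `off` that is not shown in this hunk. mget's body starts and ends outside the hunk.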
165 @@ -1292,218 +1262,119 @@ mget(struct magic_set *ms, const unsigned char *s,
169 - if (nbytes < (offset + 4))
170 + if (OFFSET_OOB(nbytes, offset, 4))
172 + lhs = (p->hl[0] << 24) | (p->hl[1] << 16) |
173 + (p->hl[2] << 8) | p->hl[3];
175 switch (m->in_op & FILE_OPS_MASK) {
177 - offset = (int32_t)((p->hl[0]<<24)|
182 + offset = lhs & off;
185 - offset = (int32_t)((p->hl[0]<<24)|
190 + offset = lhs | off;
193 - offset = (int32_t)((p->hl[0]<<24)|
198 + offset = lhs ^ off;
201 - offset = (int32_t)((p->hl[0]<<24)|
206 + offset = lhs + off;
209 - offset = (int32_t)((p->hl[0]<<24)|
214 + offset = lhs - off;
216 case FILE_OPMULTIPLY:
217 - offset = (int32_t)((p->hl[0]<<24)|
222 + offset = lhs * off;
225 - offset = (int32_t)((p->hl[0]<<24)|
230 + offset = lhs / off;
233 - offset = (int32_t)((p->hl[0]<<24)|
238 + offset = lhs % off;
242 - offset = (int32_t)((p->hl[0]<<24)|
247 if (m->in_op & FILE_OPINVERSE)
252 - if (nbytes < (offset + 4))
253 + if (OFFSET_OOB(nbytes, offset, 4))
255 + lhs = (p->hl[3] << 24) | (p->hl[2] << 16) |
256 + (p->hl[1] << 8) | p->hl[0];
258 switch (m->in_op & FILE_OPS_MASK) {
260 - offset = (int32_t)((p->hl[3]<<24)|
265 + offset = lhs & off;
268 - offset = (int32_t)((p->hl[3]<<24)|
273 + offset = lhs | off;
276 - offset = (int32_t)((p->hl[3]<<24)|
281 + offset = lhs ^ off;
284 - offset = (int32_t)((p->hl[3]<<24)|
289 + offset = lhs + off;
292 - offset = (int32_t)((p->hl[3]<<24)|
297 + offset = lhs - off;
299 case FILE_OPMULTIPLY:
300 - offset = (int32_t)((p->hl[3]<<24)|
305 + offset = lhs * off;
308 - offset = (int32_t)((p->hl[3]<<24)|
313 + offset = lhs / off;
316 - offset = (int32_t)((p->hl[3]<<24)|
321 + offset = lhs % off;
325 - offset = (int32_t)((p->hl[3]<<24)|
330 if (m->in_op & FILE_OPINVERSE)
334 - if (nbytes < (offset + 4))
335 + if (OFFSET_OOB(nbytes, offset, 4))
337 + lhs = (p->hl[1] << 24) | (p->hl[0] << 16) |
338 + (p->hl[3] << 8) | p->hl[2];
340 switch (m->in_op & FILE_OPS_MASK) {
342 - offset = (int32_t)((p->hl[1]<<24)|
347 + offset = lhs & off;
350 - offset = (int32_t)((p->hl[1]<<24)|
355 + offset = lhs | off;
358 - offset = (int32_t)((p->hl[1]<<24)|
363 + offset = lhs ^ off;
366 - offset = (int32_t)((p->hl[1]<<24)|
371 + offset = lhs + off;
374 - offset = (int32_t)((p->hl[1]<<24)|
379 + offset = lhs - off;
381 case FILE_OPMULTIPLY:
382 - offset = (int32_t)((p->hl[1]<<24)|
387 + offset = lhs * off;
390 - offset = (int32_t)((p->hl[1]<<24)|
395 + offset = lhs / off;
398 - offset = (int32_t)((p->hl[1]<<24)|
403 + offset = lhs % off;
407 - offset = (int32_t)((p->hl[1]<<24)|
412 if (m->in_op & FILE_OPINVERSE)
416 - if (nbytes < (offset + 4))
417 + if (OFFSET_OOB(nbytes, offset, 4))
420 switch (m->in_op & FILE_OPS_MASK) {
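Review bot: The byte-wise assembly `(p->hl[0] << 24)` in the new `lhs` assignments (all three byte orders in this hunk) shifts a value that has been promoted to `int`, so a top byte of 0x80 or above shifts into the sign bit, which is undefined behaviour in C. This assumes `hl` is an array of 8-bit unsigned elements, which the hunk does not show. Since these lines are being rewritten anyway, casting before the shift avoids it: `lhs = ((uint32_t)p->hl[0] << 24) | ((uint32_t)p->hl[1] << 16) | ((uint32_t)p->hl[2] << 8) | p->hl[3];`, and likewise for the other two orders. The removed lines had the same shift, so this is not a regression, but the result decides the offset that `OFFSET_OOB` then checks. mget's body starts and ends outside the hunk.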
421 @@ -1570,14 +1441,14 @@ mget(struct magic_set *ms, const unsigned char *s,
422 /* Verify we have enough data to match magic type */
425 - if (nbytes < (offset + 1)) /* should alway be true */
426 + if (OFFSET_OOB(nbytes, offset, 1))
433 - if (nbytes < (offset + 2))
434 + if (OFFSET_OOB(nbytes, offset, 2))
438 @@ -1596,26 +1467,26 @@ mget(struct magic_set *ms, const unsigned char *s,
442 - if (nbytes < (offset + 4))
443 + if (OFFSET_OOB(nbytes, offset, 4))
450 - if (nbytes < (offset + 8))
451 + if (OFFSET_OOB(nbytes, offset, 8))
458 - if (nbytes < (offset + m->vallen))
459 + if (OFFSET_OOB(nbytes, offset, m->vallen))
464 - if (nbytes < offset)
465 + if (nbytes < offset)
469 @@ -1623,7 +1494,7 @@ mget(struct magic_set *ms, const unsigned char *s,
470 if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
471 file_printf(ms, m->desc) == -1)
473 - if (nbytes < offset)
474 + if (nbytes < offset)
476 return file_softmagic(ms, s + offset, nbytes - offset,