[packages/php.git] / php-5.3.3-CVE-2014-3587.patch

From 0641e56be1af003aa02c7c6b0184466540637233 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Thu, 7 Aug 2014 09:38:35 +0000
Subject: [PATCH] Prevent wrap around (Remi Collet at redhat)

---
 src/cdf.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/cdf.c b/src/cdf.c
index 5dbf3b1..3e691f4 100644
--- a/ext/fileinfo/libmagic/cdf.c	2014-08-14 14:40:06.875720471 +0200
+++ b/ext/fileinfo/libmagic/cdf.c	2014-08-14 14:41:19.907273015 +0200
@@ -768,6 +768,10 @@
 		q = (const uint32_t *)(const void *)
 		    ((const char *)(const void *)p + ofs
 		    - 2 * sizeof(uint32_t));
+		if (q < p) {
+			DPRINTF(("Wrapped around %p < %p\n", q, p));
+			goto out;
+		}
 		if (q > e) {
 			DPRINTF(("Ran of the end %p > %p\n", q, e));
 			goto out;
-- 
2.0.3
Commit	Line	Data
9fd17760 ER	1	From 0641e56be1af003aa02c7c6b0184466540637233 Mon Sep 17 00:00:00 2001
	2	From: Christos Zoulas <christos@zoulas.com>
	3	Date: Thu, 7 Aug 2014 09:38:35 +0000
	4	Subject: [PATCH] Prevent wrap around (Remi Collet at redhat)
	5
	6	---
	7	src/cdf.c \| 6 +++++-
	8	1 file changed, 5 insertions(+), 1 deletion(-)
	9
	10	diff --git a/src/cdf.c b/src/cdf.c
	11	index 5dbf3b1..3e691f4 100644
	12	--- a/ext/fileinfo/libmagic/cdf.c 2014-08-14 14:40:06.875720471 +0200
	13	+++ b/ext/fileinfo/libmagic/cdf.c 2014-08-14 14:41:19.907273015 +0200
	14	@@ -768,6 +768,10 @@
	15	q = (const uint32_t )(const void )
	16	((const char )(const void )p + ofs
	17	- 2 * sizeof(uint32_t));
	18	+ if (q < p) {
	19	+ DPRINTF(("Wrapped around %p < %p\n", q, p));
	20	+ goto out;
	21	+ }
	22	if (q > e) {
	23	DPRINTF(("Ran of the end %p > %p\n", q, e));
	24	goto out;
	25	--
	26	2.0.3
	27