fix segv from loop overrun

diff --git a/ChangeLog b/ChangeLog
index fff2f579c69d9231079dfe1f76dc68b4c9c19f8f..211fe3b0e310f8444009a1b53a2cfe3acf70a058 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-28  18:25  Christos Zoulas <christos@zoulas.com>
+
+       * Fix core-dump from unbound loop:
+         https://bugzilla.redhat.com/show_bug.cgi?id=533245
+
 2010-01-22  15:45  Christos Zoulas <christos@zoulas.com>
 
        * print proper mime for crystal reports file

diff --git a/src/softmagic.c b/src/softmagic.c
index d89ae84bf095e5e596e203ab6537005524893d66..275c1755566e2786d3d667a6b6a9e8f78fe592b0 100644 (file)
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.137 2009/05/08 23:25:46 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.138 2009/10/19 13:10:20 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -945,7 +945,7 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
                        buf = (const char *)s + offset;
                        end = last = (const char *)s + nbytes;
                        /* mget() guarantees buf <= last */
-                       for (lines = linecnt, b = buf; lines &&
+                       for (lines = linecnt, b = buf; lines && b < end &&
                             ((b = CAST(const char *,
                                 memchr(c = b, '\n', CAST(size_t, (end - b)))))
                             || (b = CAST(const char *,