- Fileinfo:
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
- (CVE-2014-0238).
+ . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
+ performance degradation).
- FPM:
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h,
cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count)
{
- size_t i, maxcount;
+ size_t maxcount;
const cdf_summary_info_header_t *si =
CAST(const cdf_summary_info_header_t *, sst->sst_tab);
const cdf_section_declaration_t *sd =
ssi->si_os = CDF_TOLE2(si->si_os);
ssi->si_class = si->si_class;
cdf_swap_class(&ssi->si_class);
- ssi->si_count = CDF_TOLE2(si->si_count);
+ ssi->si_count = CDF_TOLE4(si->si_count);
*count = 0;
maxcount = 0;
*info = NULL;
- for (i = 0; i < CDF_TOLE4(si->si_count); i++) {
- if (i >= CDF_LOOP_LIMIT) {
- DPRINTF(("Unpack summary info loop limit"));
- errno = EFTYPE;
- return -1;
- }
- if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset),
- info, count, &maxcount) == -1) {
+ if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info,
+ count, &maxcount) == -1)
return -1;
- }
- }
return 0;
}
projects / php / commitdiff