]> granicus.if.org Git - file/commitdiff
projects / file / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b6e8437)
PR/454: Fix memory corruption when the continuation level jumps by more than
authorChristos Zoulas <christos@zoulas.com>
Wed, 3 Jun 2015 18:01:20 +0000 (18:01 +0000)
committerChristos Zoulas <christos@zoulas.com>
Wed, 3 Jun 2015 18:01:20 +0000 (18:01 +0000)
20 in a single step.

src/funcs.c patch | blob | history

diff --git a/src/funcs.c b/src/funcs.c
index 7ce431e5f51c43a7e17ed0b664cb156dfb45100a..b7160cc73474ce8d85903a6bfccaec5162c7919b 100644 (file)
--- a/src/funcs.c
+++ b/src/funcs.c
@@ -27,7 +27,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: funcs.c,v 1.80 2015/01/02 21:29:39 christos Exp $")
+FILE_RCSID("@(#)$File: funcs.c,v 1.81 2015/05/28 19:26:59 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -416,7 +416,7 @@ file_check_mem(struct magic_set *ms, unsigned int level)
        size_t len;
 
        if (level >= ms->c.len) {
-               len = (ms->c.len += 20) * sizeof(*ms->c.li);
+               len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
                ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
                    malloc(len) :
                    realloc(ms->c.li, len));
Unnamed repository; edit this file 'description' to name the repository.