}
}
- /* Verify we have enough data to match magic type */
- switch (m->type) {
- case FILE_BYTE:
-- if (nbytes < (offset + 1)) /* should alway be true */
-+ if (OFFSET_OOB(nbytes, offset, 1))
- return 0;
- break;
-
- case FILE_SHORT:
- case FILE_BESHORT:
- case FILE_LESHORT:
-- if (nbytes < (offset + 2))
-+ if (OFFSET_OOB(nbytes, offset, 2))
- return 0;
- break;
-
-@@ -1679,38 +1658,40 @@
- case FILE_FLOAT:
- case FILE_BEFLOAT:
- case FILE_LEFLOAT:
-- if (nbytes < (offset + 4))
-+ if (OFFSET_OOB(nbytes, offset, 4))
- return 0;
- break;
-
- case FILE_DOUBLE:
- case FILE_BEDOUBLE:
- case FILE_LEDOUBLE:
-- if (nbytes < (offset + 8))
-+ if (OFFSET_OOB(nbytes, offset, 8))
- return 0;
- break;
-
- case FILE_STRING:
- case FILE_PSTRING:
- case FILE_SEARCH:
-- if (nbytes < (offset + m->vallen))
-+ if (OFFSET_OOB(nbytes, offset, m->vallen))
- return 0;
- break;
-
- case FILE_REGEX:
-- if (nbytes < offset)
-+ if (OFFSET_OOB(nbytes, offset, 0))
- return 0;
- break;
-
- case FILE_INDIRECT:
-- if (nbytes < offset)
-+ if (offset == 0)
-+ return 0;
-+ if (OFFSET_OOB(nbytes, offset, 0))
- return 0;
- sbuf = ms->o.buf;
- soffset = ms->offset;
- ms->o.buf = NULL;
- ms->offset = 0;
- rv = file_softmagic(ms, s + offset, nbytes - offset,
-- BINTEST, text);
-+ recursion_level, BINTEST, text);
- if ((ms->flags & MAGIC_DEBUG) != 0)
- fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv);
- rbuf = ms->o.buf;
-@@ -1718,16 +1699,26 @@
- ms->offset = soffset;
- if (rv == 1) {
- if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
-- file_printf(ms, m->desc, offset) == -1)
-+ file_printf(ms, m->desc, offset) == -1) {
-+ if (rbuf) {
-+ efree(rbuf);
-+ }
+@@ -1759,7 +1737,9 @@
return -1;
-- if (file_printf(ms, "%s", rbuf) == -1)
-+ }
-+ if (file_printf(ms, "%s", rbuf) == -1) {
-+ if (rbuf) {
-+ efree(rbuf);
-+ }
+ if (file_printf(ms, "%s", rbuf) == -1)
return -1;
- free(rbuf);
+ + }
+ }
+ if (rbuf) {
+ efree(rbuf);
projects / php / commitdiff