PR/555: Avoid overflow for offset > nbytes (programming error caused

by PR/550).

diff --git a/src/softmagic.c b/src/softmagic.c
index 6479b3494bccde5cfd6029a1dbf80601df1a3dcc..1ccfa571bdc6f9c7982a64a8a61d2cf80f159185 100644 (file)
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.231 2016/04/21 15:23:31 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.232 2016/06/01 22:01:15 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -1182,6 +1182,8 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
                switch (type) {
                case FILE_DER:
                case FILE_SEARCH:
+                       if (offset > nbytes)
+                               offset = nbytes;
                        ms->search.s = RCAST(const char *, s) + offset;
                        ms->search.s_len = nbytes - offset;
                        ms->search.offset = offset;